diskover diskover is an open-source file system indexer that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system...
Volatility 3: The volatile memory extraction framework Volatility is the world’s most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system...
Velociraptor – Endpoint visibility and collection tool. Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic, and cyber response platform. It was originally developed by DFIR professionals who needed a powerful and efficient...
ActivityWatch The goal of ActivityWatch is simple: Enable the collection of as many valuable lifedata as possible without compromising user privacy. What ActivityWatch is A set of watchers that record relevant information about what you...
Slhasher – Bulk VirusTotal Hash Lookups Slhasher is a collaborative tool designed to perform bulk SHA256 hash lookups through a graphical user interface. It integrates with VirusTotal to fetch hash metadata and supports exporting...
Extract VMK of BitLocker volume with TPMAndPIN protector and knowing PIN Technic to extract VMK from the bitlocker volume that TPM protects are already documented in different publications. This GitHub repo gives a toolset...
scared scared is a library that aims to provide tools to achieve side-channel analysis. It provides pretty high-level APIs, and ready-to-use tools to quickly run classic CPA, DPA, … leakage, and reverse analysis. It...
EVTX A cross-platform parser for the Windows XML EventLog format Features 🔒 Implemented using 100% safe rust – and works on all platforms supported by rust (that have stdlib). 🚀 Multi-threaded. ✨ Supports XML and JSON outputs,...
The Memory Process File System: The Memory Process File System (MemProcFS) is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point-and-click memory analysis without the...
RecoverPy You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten files. RecoverPy searches through every block of your partition to find your request....
Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...
Loki: like Prometheus, but for logs. Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost-effective and easy to operate. It does not index the contents...
Watcher Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organization. It should be used on web servers and available on Docker. Watcher capabilities Detect emerging...
LNAV — The Logfile Navigator The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as...
Tcpreplay Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as...
UAC (Unix-like Artifacts Collector) UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD,...
