Category: Data Forensics

Linux Security

LSMS: Linux Security and Monitoring Scripts

Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each script works on its...

RouterOS Security

Sara: RouterOS Security Inspector

RouterOS configuration analyzer to find security misconfigurations and vulnerabilities. Sara does not bypass authentication, exploit vulnerabilities, or alter RouterOS configurations. It works in read-only mode, requiring no administrative privileges. If you are unsure about the interpretation...

Memory Dump Tool

lemon: eBPF Memory Dump Tool

LEMON is a Linux and Android memory dump tool that utilizes eBPF to capture the entire physical memory of a system and save it in LiME format, compatible with forensic tools such as Volatility...

Linux Process Discovery

xpid: Linux Process Discovery

xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...

Linux Evidence Acquisition

LEAF: Linux Evidence Acquisition Framework

Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules...

Windows Event Log Analyzer

WELA: Windows Event Log Analyzer

WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...

Artifact collection tool

Fennec: Artifact collection tool for *nix systems

Fennec fennec is an artifact collection tool written in Rust to be used during an incident response on *nix based systems. fennec allows you to write a configuration file that contains how to collect...

NTFS Forensics tool

ntfstool: Forensics tool for NTFS

ntfstool NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted partition (fve). See examples below to...

Honeypot Platform

tpotce: The All In One Honeypot Platform

T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...