lemon: eBPF Memory Dump Tool
LEMON is a Linux and Android memory dump tool that utilizes eBPF to capture the entire physical memory of a system and save it in LiME format, compatible with forensic tools such as Volatility...
Aftermath Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an...
xpid It’s nmap but for pids. xpid gives a user the ability to “investigate” for process details on a Linux system. For example, a sleeping thread will have a directory /proc/[pid] that can be navigated to,...
Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules...
Zircolite is a standalone tool written in Python 3 that allows you to use SIGMA rules on: MS Windows EVTX (EVTX, XML, and JSONL formats) Auditd logs Sysmon for Linux EVTXtract CSV and XML logs...
WELA (Windows Event Log Analyzer) Yamato Security’s WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is available under the GNU GPLv3...
Live Forensicator Live Forensicator is part of the Black Widow Toolbox; its aim is to assist Forensic Investigators and Incident Responders in carrying out a quick live forensic investigation. It achieves this by gathering...
Fennec fennec is an artifact collection tool written in Rust to be used during an incident response on *nix based systems. fennec allows you to write a configuration file that contains how to collect...
SentryPeer A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot. This is basically a fraud detection tool. It lets bad actors try to make phone calls and...
Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository Features of Repository Interactive Digital Forensics Labs: Tailored for students and faculty engagement Linux-Centric Lab Environment: Utilizes Kali Linux exclusively for all labs Visual Learning Support: Each lab...
ntfstool NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (MBR, partition table, VBR) but also information on BitLocker-encrypted partitions (FVE). See examples below to...
T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...
CSIRT-Collect A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload...
honeypots 30 low-to-high level honeypots in a single PyPI package for monitoring network traffic, bot activities, and username/password credentials. The honeypots respond back, are non-blocking, can be used as objects, or called directly...
IPED Digital Forensic Tool IPED is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners....