CCFinder
CCFinder is a suite of utilities designed to facilitate the discovery, organization, and querying of financial data and related personally identifiable information in large-scale investigations. Its...
CryptHunter
CryptHunter detects mounted encrypted volumes and active full-disk encryption on running computer systems. The tool alerts responders and investigators to the need to execute a forensic collection of data...
AfterLife
AfterLife permits the collection of physical memory contents from a system after a warm or cold reboot. The tool is an extension of the msramdump utility by Wesley McGrew that adds forensic features...
DINO
DINO is a lightweight front end for network visualization. DINO, short for Drop In Network Observer, utilizes the open source network monitoring tools SiLK and SNORT to create an easy-to-use dashboard...
The Log Analysis Tool Kit (LATK)
The Log Analysis Tool Kit (LATK) version 1.5.4 is a collection of command line and web-based tools for use in incident response and long-term analysis of web server and proxy server log data. LATK can...
The CERT Clustered-Computing Analysis Platform (C-CAP)
The CERT Clustered-Computing Analysis Platform (C-CAP) is a state-of-the-art forensics analysis environment that accommodates a complete suite of tools for host-based and network investigations. The...
Malicious Code Automated Run-Time Analysis (MCARTA)
Malicious Code Automated Run-Time Analysis (MCARTA) is a complete incident analysis framework for run-time analysis with automated log and packet data correlation. MCARTA catalogs tracking,...
BigGrep
BigGrep is a tool to index and search a large corpus of binary files that uses a probabilistic N-gram based approach to balance index size and search speed.
SiLK, the System for Internet-Level Knowledge
SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large...
Andriller - Android Forensic Tools
Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has other features,...
VirusShare Hash Sets
Links to lists of MD5 hashes for all of the malware samples contained in each of the zip files shared via the torrents. Each list is published after each torrent is uploaded. Each list is a plain text...
CERT-W/certitude
CERTitude is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. CERTitude aims at performing large scale scans of Windows-based (for now)...
PSInspect
PSInspect is a PowerShell script useful for incident response and security/configuration baselines for Windows Vista and later. Self-contained Windows Metadata Extraction: User Accounts, System Configuration...
SessionGopher – Session Extraction Tool
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run...
woanware lnkanalyser
Windows shortcut (LNK) files hold a wealth of useful information for forensic investigators. There are a number of LNK file parsers out there, and most are ok, some are incorrect and some just don’t...
spectrology – Basic Audio Steganography Tool
spectrology is a Python-based audio steganography tool that can convert images to audio files with a corresponding spectrogram encoding; this allows you to hide messages, carried as images, inside audio...
pe_recovery_tools
Small tool for recovering erased imports of a dumped PE file. Useful in recovering executables dumped from memory. Dedicated to cases when the imports have been erased after loading (anti-dumping...
R-Studio
Empowered by new unique data recovery technologies, R-STUDIO is the most comprehensive data recovery solution for recovering files from NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+ (Macintosh),...
R-Mail
R-Mail is a family of e-mail recovery utilities for damaged files and deleted messages created by Microsoft Outlook* (later referred to as "Outlook") and Microsoft Outlook Express* (later referred to...