Mobile Device Images
The UFED Reader is an application allowing users to share analysis reports. Features include: advanced analyzing capabilities (e.g., search and entity bookmark functionalities) and report generation in...
Publicly available PCAP files
This is a list of public packet capture repositories, which are freely available on the Internet. Most of the sites listed below share Full Packet Capture (FPC) files, but some do unfortunately only...
Reverse Engineering Malware
All material is licensed with an open license like CreativeCommons, allowing anyone to use the material however they see fit, so long as they share modified works back to the community.
p0wnlabs
The community has coughed up some classic distributions full of juicy targets and p0wnlabs is testing out a program to host them for your hacking pleasure. Simply configure your system to connect to...
Spy Hunter Holiday Challenge 2014
This holiday season I have created a network forensics challenge for the community to try and solve. This scenario, called “Spy Hunter – Operation Hermes” is the first in a new series I am going to...
JackCR ISSA 2013 Netwars Challenge - Memory Issues
Unlike @JackCR's previous challenges, this one is 1. from a Linux server, and 2. does not have a memory component. Well, that is not entirely accurate, there is a memory dump but it is not usable...
Bitscout – The Free Remote Digital Forensics Tool Builder
Bitscout 2.0 Date: July 2017 Author: Vitaly Kamluk // Vitaly.Kamluk [at] kaspersky[.]com This project is created by security researchers for security researchers. In addition, it can be useful to Law...
Securcube®PhoneLog
Securcube®Phonelog, software for the cross-analysis of CDRs (Call Detail Records), historical cell site location information (HCSLI), namely CSA, mobile extraction contents, GPS tracks and much more,...
Securcube®BTS Tracker
The BTS (Base Transceiver Station) measurement is a rising forensic analysis able to fill the lack of clues given by the mobile devices. Securcube®BTS Tracker performs the scan of the real cell towers...
hashdb archives
Our datasets: We offer both data in raw format (archives of random torrent files), as well as pre-processed hashdb databases. Make sure to run "7z x" to extract the archives to keep the folder structure...
DB Browser for SQLite 3.10.0 Beta 1
All builds (both Windows and MacOS X) include SQLCipher for strong encryption. The version of SQLCipher included is a bit old. Our next beta or Release Candidate will include the newest version. The...
macMRU-Parser
Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format.
RustyLnk
A fast and cross platform LNK Parser written in Rust that gives you the ability to query the records via JMESPath queries. Output is JSONL. RusyLnk 0.1.0 Matthew Seyer...
fuse-mft
fuse-mft is a FUSE file system driver for MFT files. It allows an analyst to mount the file system tree defined by an MFT on their analysis machine. Then, they can use familiar command line or...
AppCompatCacheParser
AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
Password Cracking Test Data
Here are some files to test your password cracking skills. All of them can be done in less than a few hours with CPU-based cracking. You can download the file and practice hash extraction + cracking,...
Forensic Email Collector (FEC)
Description: Forensic Email Collector (FEC) is a digital forensics software developed by Metaspike. FEC connects to cloud email providers and forensically preserves email evidence. Features: Connects...
lifer
A forensic tool for Windows link file examinations (i.e. Windows shortcuts) SYNOPSIS 'lifer' is a Windows or *nix command-line tool inspired by the whitepaper 'The Meaning of Link Files in Forensic...
RegRipper GUI
The rationale behind it is that you can quickly run plugins without having to look up which hives they relate to, and you can quickly click through and add them to a text report. If the plugin...