python-iocextract
Advanced Indicator of Compromise extractor. Adds support for detecting and decoding base64-encoded URLs. Category: Internet and Chat. Category URL: ...

Eric Zimmerman VSCMount
A simple way to mount Volume Shadow Copies from the command line without having to do much of anything except provide the drive letter where the VSCs are and where you want the VSCs to be mounted...

Atola Insight Forensic
Atola Insight Forensic offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level, wrapped in a very simple and efficient user interface. The...

Malwoverview.py
Malwoverview.py is a simple tool to perform an initial and quick triage on a directory containing malware samples (not zipped). This tool aims to: determining similar executable malware samples...

NTFS Log Tracker
This tool can parse the $LogFile and $UsnJrnl of NTFS. An input of this tool is a sample file extracted by another tool like Encase or Winhex. If you want to see "Full Path" information, you should input $MFT...

RP Log Tracker
This tool can parse the "change.log.*" file of Restore Points in Windows XP. Category: Restore Point. Category URL: http://www.dfir.training/component/mtree/forensic-utilities-windows/restore-point?Itemid=

HELK
A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities. Category: Threat Hunting. Category URL: http://www.dfir.training/component/mtree/incident-response/threat-hunting?Itemid=

XT_IMAGE
Viewer X-Tension that allows you to use digital image processing algorithms to enhance pictures from within X-Ways Forensics. Category: X-Ways 3rd Party Tools. Category URL: ...

PDF Compatibility
Fixes a print bug (missing text when printing certain PDF documents) in the Oracle OutsideIn viewer component that was found by Ruslan Yushaev and reported to Oracle by X-Ways on May 21, 2017. The...

XT_RAW
Identifies and converts RAW files created by modern digital cameras. Category: X-Ways 3rd Party Tools. Category URL: http://www.dfir.training/component/mtree/by-developer/3rd-party?Itemid=

KPF a.k.a. C4All
"C4All is a program used by law enforcement and others to categorize pictures and videos." Category: X-Ways 3rd Party Tools. Category URL: ...

Binary Large Object X-Tension
This X-Tension is used to extract Binary Large Object (BLOB) data from SQLite databases. This is data, such as picture or movie files, which can be difficult to carve out of database files due to the way...

Luhn Credit Card Check
Can be used during GREP searches for credit card numbers. Verifies all search hits using the Luhn algorithm and discards false search hits, to reduce the output of irrelevant numbers. Load the...

remotecache.py
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any...

bmc-tools
RDP Bitmap Cache parser. Category: RDP Cache. Category URL: http://www.dfir.training/component/mtree/forensic-utilities-windows/rdp-cache?Itemid=

r-winreg
Windows Registry Parsing Library. Category: Registry. Category URL: http://www.dfir.training/component/mtree/forensic-utilities-windows/registry?Itemid=

evtx2json
evtx2json extracts events of interest from event logs, dedups them, and exports them to JSON. Category: Event Logs. Category URL: ...

EventCleaner
A tool mainly to erase specified records from Windows event logs, with additional functionalities. Category: Anti/Counter Forensics. Category URL: ...

DEFCON 2018 DFIR CTF
Category: CTF & Challenges. Category URL: http://www.dfir.training/component/mtree/test-images-and-challenges/ctf?Itemid=

libfsapfs
Library and tools to access the Apple File System (APFS). Category: Forensic Utilities - Mac. Category URL: http://www.dfir.training/component/mtree/forensic-utilities-mac?Itemid=