CyLR CDQR Forensics Virtual Machine (CCF-VM)
The CCF-VM was designed to provide an all-in-one solution to parse collected data, make it easily searchable with built-in common searches, and enable searching of single and multiple hosts...
MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be...
VolatilityBot
VolatilityBot is an automation tool for researchers that cuts all the guesswork and manual tasks out of the binary extraction phase, or helps the investigator in the first steps of performing a memory...
Arsenal Recon Hibernation Recon
Hibernation Recon has been developed to not only support memory reconstruction from Windows XP, Vista, 7, 8/8.1, and 10 hibernation files, but to properly identify and extract massive volumes of...
WhatsApp Viewer
Small tool to display chats from the Android msgstore.db. Supported versions are crypt5, crypt7, crypt8 and crypt12. Features: you are looking for a way to view your WhatsApp chats on PC, have a backup...
Forensic CTF: Baud.. James Baud..
betweentwodfirns.blogspot.com/2016/11/forensic-ctf-baud-james-baud.html drive.google.com/open?id=0B9v_bn3f4uetZWt4cmxQVmNRa1E
Forensic CTF - Bob's Chili Burgers Website Hacked
drive.google.com/file/d/0B9v_bn3f4uetYUtTWDZuanlDNG8/view?usp=sharing betweentwodfirns.blogspot.com/2016/06/forensic-ctf-bobs-chili-burgers-website.html
NIST Hacking Case Tutorial: Wrap up an Old-School Badguy by Happy Hour
betweentwodfirns.blogspot.com/2016/04/nist-hacking-case-tutorial-wrap-up-old.html www.cfreds.nist.gov/Hacking_Case.html
NBDServer
Windows Network Block Device Server (2012, Jeff Bryner). A DFIR/forensic take on nbdsrvr by Folkert van Heusden (www.vanheusden.com/windows/nbdsrvr/), modified to 1) allow you to specify a whitelist IP...
TheHive
TheHive is a scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be...
Gransk
Document processing for investigations. Unpack, extract, organize and present relevant information from large collections of documents. Gransk is a free and open source project.
iOS Backup Examiner
iOS Backup Examiner - A forensics tool for parsing an iOS backup's Info.plist file
Windows Hibernation File Decompressor
Comae Hibernation File Decompressor (SANDMAN project). Back in 2007 [1], after reversing Microsoft Windows Kernel Power Management functions and its compression algorithm, I started an open source...
Fast Library Identification and Recognition Technology (FLIRT) Signature File...
What is FLIRT? Fast Library Identification and Recognition Technology, also known as FLIRT, is IDA's internal symbols identifier that searches through disassembled binaries in order to locate, rename,...
squidmagic
squidmagic is a tool designed to analyze web-based network traffic to detect command and control (C&C) servers and malicious sites, using Squid proxy...
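The blurb says only that squidmagic works from Squid proxy traffic to spot C&C servers; it does not say how. The following is an added example of one detection approach a SOC would run over Squid's native access.log, not squidmagic's own code. It assumes Squid's default native log layout (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, MIME type) and the log lines embedded below are constructed sample data. It flags a client/host pair as a beacon candidate when the requests recur at a near-constant interval (low coefficient of variation of the inter-request gaps), which is the signature of a malware check-in rather than of a person browsing.

```python
"""Beacon-style C&C detection over Squid native access.log lines.

Added example (not squidmagic's code). Assumes Squid's default native log
format: timestamp elapsed client result/status bytes method URL ident
hierarchy/peer mime-type. SAMPLE_LOG below is constructed, not real traffic.
"""
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample: 10.0.0.5 checks in with beacon.example.net about every
# 60 s while also browsing www.example.com at irregular intervals; 10.0.0.9
# opens one CONNECT tunnel (logged as host:port, no scheme).
SAMPLE_LOG = """\
1493135845.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493135850.000    120 10.0.0.5 TCP_MISS/200 20480 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1493135853.000     40 10.0.0.5 TCP_HIT/200 3072 GET http://www.example.com/style.css - HIER_NONE/- text/css
1493135860.000    200 10.0.0.9 TCP_TUNNEL/200 5120 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.10 -
1493135898.000     90 10.0.0.5 TCP_MISS/200 8192 GET http://www.example.com/news - HIER_DIRECT/93.184.216.34 text/html
1493135900.000     30 10.0.0.5 TCP_HIT/200 1024 GET http://www.example.com/logo.png - HIER_NONE/- image/png
1493135905.000    140 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493135966.000    160 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493136020.000    100 10.0.0.5 TCP_MISS/200 6144 GET http://www.example.com/about - HIER_DIRECT/93.184.216.34 text/html
1493136025.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493136028.000     35 10.0.0.5 TCP_HIT/200 2048 GET http://www.example.com/a.js - HIER_NONE/- application/javascript
1493136085.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493136145.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493136206.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
1493136265.000    150 10.0.0.5 TCP_MISS/200 512 GET http://beacon.example.net/gate.php - HIER_DIRECT/198.51.100.7 text/html
"""


def parse_squid_line(line):
    """Parse one native-format line into a dict, or return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    method, url = parts[5], parts[6]
    if method == "CONNECT" or "://" not in url:
        host = url.rsplit(":", 1)[0]          # CONNECT logs host:port without a scheme
    else:
        host = urlsplit(url).hostname or ""
    return {"ts": ts, "client": parts[2], "result": parts[3],
            "method": method, "url": url, "host": host}


def load_records(text):
    """Parse every well-formed line of a log text."""
    return [r for r in (parse_squid_line(l) for l in text.splitlines()) if r]


def find_beacons(records, min_requests=6, max_cv=0.15):
    """Return client/host pairs whose request timing is suspiciously regular.

    For each pair with at least min_requests hits, compute the gaps between
    consecutive requests; a coefficient of variation (stdev / mean) at or
    below max_cv means the gaps are nearly identical, i.e. a timer, not a user.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], r["host"])].append(r["ts"])
    findings = []
    for (client, host), times in by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"client": client, "host": host, "count": len(times),
                             "interval": round(avg, 1), "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(load_records(SAMPLE_LOG)):
        print(f"{f['client']} -> {f['host']}: {f['count']} requests every ~{f['interval']}s (cv={f['cv']})")
```

Treat the output as a triage list, not a verdict: update checkers, OCSP clients and mail polling also produce regular intervals, so the next step is to look at the flagged host's reputation, the URL and response sizes, and whether the interval is jittered the way many implants deliberately do (which is why max_cv is a tunable rather than a hard zero).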
NSRL-Stripper
A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database
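Stripping one hash column out of the NSRL set is a few lines of CSV handling, but the details matter: the Reference Data Set lists one row per file-and-product pair, so the same hash recurs many times, and a truncated or corrupt row should not end up in the resulting hash set. The block below is an added example, not NSRL-Stripper's code. It assumes the legacy NSRLFile.txt layout (quoted CSV headed "SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"); the rows it works on are constructed from made-up file contents, not real NSRL data.

```python
"""Strip a single hash column out of an NSRL RDS text export.

Added example (not NSRL-Stripper's code). Assumes the legacy NSRLFile.txt
layout: quoted CSV with the header
"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode".
The sample rows are constructed from made-up file contents, not real NSRL data.
"""
import csv
import hashlib
import io
import zlib

NSRL_COLUMNS = ("SHA-1", "MD5", "CRC32", "FileName", "FileSize",
                "ProductCode", "OpSystemCode", "SpecialCode")
HASH_LENGTHS = {"SHA-1": 40, "MD5": 32, "CRC32": 8}   # hex digits per column


def nsrl_row(name, data, product_code, os_code="WIN"):
    """Build one RDS-style row from file content (constructed sample data)."""
    return {
        "SHA-1": hashlib.sha1(data).hexdigest().upper(),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "FileName": name,
        "FileSize": str(len(data)),
        "ProductCode": product_code,
        "OpSystemCode": os_code,
        "SpecialCode": "",
    }


def build_sample_nsrlfile():
    """Three rows; the first and third are the same file shipped in two products."""
    rows = [
        nsrl_row("notepad.exe", b"constructed notepad bytes", "3095"),
        nsrl_row("calc.exe", b"constructed calc bytes", "3095"),
        nsrl_row("notepad.exe", b"constructed notepad bytes", "4000"),
    ]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=NSRL_COLUMNS, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def strip_hashes(nsrl_text, column="SHA-1", dedupe=True):
    """Return the values of one hash column, upper-cased, skipping malformed rows.

    With dedupe=True the repeated (file, product) rows collapse to one hash
    each, so the output loads straight into a hash set.
    """
    if column not in HASH_LENGTHS:
        raise ValueError(f"column must be one of {sorted(HASH_LENGTHS)}")
    reader = csv.DictReader(io.StringIO(nsrl_text))
    if reader.fieldnames is None or column not in reader.fieldnames:
        raise ValueError(f"input has no {column} column")
    want = HASH_LENGTHS[column]
    seen, out = set(), []
    for row in reader:
        value = (row.get(column) or "").strip().upper()
        if len(value) != want or any(c not in "0123456789ABCDEF" for c in value):
            continue    # truncated or corrupt row: keep it out of the hash set
        if dedupe:
            if value in seen:
                continue
            seen.add(value)
        out.append(value)
    return out


if __name__ == "__main__":
    sample = build_sample_nsrlfile()
    for col in HASH_LENGTHS:
        print(col, strip_hashes(sample, col))
```

On a real export, replace build_sample_nsrlfile() with the file's text and write the returned list one value per line; the length and hex checks are what stop a damaged download from silently poisoning a known-good set.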
bootcode_parser
bootcode_parser.py is a Python script designed to perform a quick offline analysis of the boot records used by BIOS-based systems (UEFI is not supported). It is intended to help the analyst triaging...
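What an offline triage of a BIOS boot record looks like in practice, as an added example and not bootcode_parser's own code: the first sector is split into the 440-byte bootstrap area, the 4-byte disk signature, the four 16-byte partition entries at offset 446 and the 0x55AA signature at offset 510. The bootstrap area is hashed and compared against a known-good baseline the analyst already holds (the allowlist here is hypothetical, taken from the constructed clean sector itself), and the partition table is checked for the inconsistencies a bootkit or hand-edited MBR tends to leave behind. The sector bytes are constructed, not a real boot loader.

```python
"""Offline triage of a BIOS (MBR-style) boot sector.

Added example (not bootcode_parser's code). The sample sector is constructed
and the known-good allowlist is hypothetical: in practice it holds the hash
of the bootstrap code from a trusted image of the same system.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440              # bootstrap code ends where the disk signature begins
DISK_SIG_OFFSET = 440           # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446         # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"    # bytes 510-511

# Constructed filler standing in for bootstrap code (not a real boot loader).
CONSTRUCTED_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 120


def build_sample_mbr(bootcode=CONSTRUCTED_BOOTCODE):
    """Assemble a plausible 512-byte MBR with two type-0x07 partitions (constructed)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)
    # entry 0: active (0x80), type 0x07, LBA 2048, 204800 sectors
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    # entry 1: inactive, type 0x07, starts right after entry 0
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16,
                     0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 409600)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Split one sector into bootstrap hash, disk signature and non-empty partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue    # empty entry
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def triage_mbr(sector, known_good_bootcode_hashes):
    """Return (parsed info, list of findings) for an analyst to review."""
    info = parse_mbr(sector)
    findings = []
    if info["bootcode_sha256"] not in known_good_bootcode_hashes:
        findings.append("bootstrap code hash is not in the known-good allowlist")
    active = [p["index"] for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"multiple partitions marked active: {active}")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has zero start or length")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for a, b in zip(spans, spans[1:]):
        if b[0] < a[1]:
            findings.append(f"partitions {a[2]} and {b[2]} overlap")
    return info, findings


def tamper_bootcode(sector, offset=0x20):
    """Flip one byte inside the bootstrap area (simulates a bootkit patch)."""
    s = bytearray(sector)
    s[offset] ^= 0xFF
    return bytes(s)


if __name__ == "__main__":
    clean = build_sample_mbr()
    allowlist = {parse_mbr(clean)["bootcode_sha256"]}   # hypothetical trusted baseline
    for label, sector in (("clean", clean), ("tampered", tamper_bootcode(clean))):
        info, findings = triage_mbr(sector, allowlist)
        print(label, f"disk sig 0x{info['disk_signature']:08X}", findings or "no findings")
```

Against a real image, read the first 512 bytes of the disk (and, for each partition, its first sector, since bootkits also hook the volume boot record) and feed them to triage_mbr with a baseline taken from a known-clean install of the same OS version. Note the limits the blurb itself states: this covers MBR-style records only, and a UEFI/GPT system needs a different parser.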