Live-Forensicator – Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entry, it also looks out for unusual files or activities andRead More

Digital-Forensics-Lab – Free Hands-On Digital Forensics Labs For Students And Faculty

Features of Repository =================== Hands-on Digital Forensics Labs: designed for Students and Faculty Linux-based lab: All labs are purely based on Kali Linux Lab screenshots: Each lab has PPTs with instruction screenshots Comprehensive: Cover many topics in digital forensics Free: All tools are open source Updated: The project is funded by DOJ and will keepRead More

AzureHunter – A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365

A Powershell module to run threat hunting playbooks on data from Azure and O365 for Cloud Forensics purposes. Getting Started 1. Check that you have the right O365 Permissions The following roles are required in Exchange Online, in order to be able to have read only access to the UnifiedAuditLog: View-Only Audit Logs or AuditRead More

Androidqf – (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise

androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of Snoopdroid, re-written in Go and leveraging official adb binaries. androidqf is intended to provide a simple and portable cross-platform utility to quickly acquire data from Android devices. It is similar inRead More

NTFSTool – Forensics Tool For NTFS (Parser, MTF, Bitlocker, Deleted Files)

NTFSTool is a forensic tool focused on NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted volume, EFS encrypted files and more. See below for some examples of the features! Features Forensics NTFSTool displays the complete structure of master boot record, volume boot record, partition table andRead More

CSIRT-Collect – PowerShell Script To Collect Memory And (Triage) Disk Forensics

A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission requirements for said directory will be dependent on the nuances of the environmentRead More

Volatility GUI – GUI For Volatility Forensics Tool

This is a GUI for Volatility forensics tool written in PyQT5 Prerequisites: 1- Installed version of Volatility. 2- Install PyQT5. sudo apt-get install python3-pyqt5 3- Download Volatility GUI. Configuration From the downloaded Volatility GUI, edit file to specify 1- Python 2 bainary name or python 2 absolute path in python_bin. 2- Volatility binary absoluteRead More

packetStrider – A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with (AKA Why?) SSH is obviously encrypted,Read More