Awesome Forensics Resources | Almost 300 Open-Source Forensics Tools | 600 Blog Posts About Forens

SaM · March 10, 2020, 4:08pm

All open source security tools I collected: sec-tool-list: More than 18K. Both Markdown and Json format.
Reverse Engineering Resources: awesome-reverse-engineering: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/Qemu/AndroidSecurity/iOSSecurity/WindowSecurity/LinuxSecurity/GameHacking/Bootkit/Rootkit/Angr/Shellcode/ProcessInjection/CodeInjection/DLLInjection/WSL/Sysmon/…
Network Related Resources: awesome-network-stuff: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc
Offensive Security Resources: awesome-cyber-security: Vulnerability/Pentest/IoTSecurity/DataExfiltration/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/AntiVirus/CobaltStrike/Recon/OSINT/SocialEnginneringAttack/Password/Credential/ThreatHunting/Payload/WifiHacking/PostExploitation/PrivilegeEscalation/UACBypass/…
open source RAT and malicious RAT analysis reports: awesome-rat: RAT for all platforms: Windows/Linux/macOS/Android; malicious RAT analysis reports
Webshell Resource Collection: awesome-webshell: Almost 150 open source tools, and 200 blog posts about webhsell.
Forensics Resource Collection: awesome-forensics: Almost 300 open source forensics tools, and 600 blog posts about forensics.
Forensics

Directory

Recent Add

2019.12 [sans] HSTS For Forensics: You Can Run, But You Can’t Use HTTP
2019.12 [eforensicsmag] 6 Threat Intelligence Sources That Will Help Enhance Digital Forensics Readiness | By Jonathan Zhang
2019.12 [mac4n6] New(ish) Presentation: Poking the Bear - Teasing out Apple’s Secrets through Dynamic Forensic Testing and Analysis
2019.12 [4hou] 移动设备数字取证过程概述（下）
2019.12 [4hou] 移动设备数字取证过程概述（上）
2019.11 [freebuf] DFIRTriage：针对Windows的事件应急响应数字取证工具
2019.11 [freebuf] Windows系统安全事件日志取证工具：LogonTracer
2019.11 [compass] Challenging Your Forensic Readiness with an Application-Level Ransomware Attack
2019.11 [freebuf] AutoMacTC：一款针对macOS环境的自动化取证分类采集器
2019.11 [eforensicsmag] CRYPTO & DATA ERASURE: After forensic analysis drives should be securely wiped | By Paul Katzoff
2019.10 [eforensicsmag] Encrypted file system forensics - Introduction (EXT4) [FREE COURSE CONTENT]
2019.10 [4hou] iPhone取证的通用方法
2019.10 [Cooper] Beyond Windows Forensics With Built-in Microsoft Tooling - Thomas Fischer
2019.10 [Cooper] Memory Forensics Analysis Of Cisco IOS XR 32 Bits Routers With ‘Amnesic-Sherpa’ - Solal Jacob
2019.10 [4hou] 如何在Windows上重现macOS上的取证技巧
2019.10 [HackersOnBoard] Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machine
2019.10 [HackersOnBoard] Black Hat USA 2016 Memory Forensics Using Virtual Machine Introspection for Cloud Computing
2019.10 [elcomsoft] Installing and using iOS Forensic Toolkit on macOS 10.15 Catalina
2019.09 [mac4n6] Just Call Me Buffy the Proto Slayer – An Initial Look into Protobuf Data in Mac and iOS Forensics
2019.09 [venus] RDP 登录日志取证与清除
2019.09 [freebuf] Usbrip：用于跟踪USB设备固件的简单CLI取证工具
2019.09 [PositiveTechnologies] Forensics: why there are no perfect crimes
2019.09 [sans] Strengthen Your Investigatory Powers by Taking the New FOR498: Battlefield Forensics & Data Acquisition Course from SANS
2019.09 [4hou] 什么是数字取证(Digital forensics)？如何在这个热门领域站稳脚跟？
2019.09 [4hou] 使用osquery进行远程取证
2019.09 [elcomsoft] Apple TV Forensics 03: Analysis
2019.09 [securelayer7] CAN Bus protocol Penetration testing and forensics
2019.09 [hackers] Network Forensics, Part 3: tcpdump for Network Analysis
2019.09 [freebuf] 浅谈电子数字取证技术
2019.09 [diablohorn] Notes on ZFS / Solaris forensics
2019.08 [THER] [tool] Network Forensics with Tshark
2019.08 [elcomsoft] Passcode vs. Biometrics: Forensic Implications of Touch ID and Face ID in iOS 12
2019.08 [hackers] Digital Forensics, Part 11: Recovering Stored Passwords from the Browser
2019.08 [freebuf] MIG：一款功能强大的高速分布式实时数据取证工具
2019.08 [freebuf] 用于监控USB设备连接事件的取证工具
2019.08 [0x00sec] CAN-bus protocol pentesting and forensics
2019.08 [4hou] 有没有想过一个问题，适用于移动设备的取证方法能否照搬到台式计算机上？
2019.08 [mac4n6] New Presentation from SANS DFIR Summit 2019 - They See Us Rollin’, They Hatin’ - Forensics of iOS CarPlay and Android Auto
2019.08 [X13Cubed] NTFS Journal Forensics
2019.08 [MastersInEthicalHacking] Computer Forensic Tutorials || Install Dumpzilla on Kali Linux
2019.07 [elcomsoft] Extended Mobile Forensics: Analyzing Desktop Computers
2019.07 [eforensicsmag] Mounting forensic images using losetup cli [FREE COURSE CONTENT]
2019.07 [elcomsoft] iOS 13 (Beta) Forensics
2019.07 [infosecinstitute] Getting started in digital forensics
2019.07 [4hou] iOS越狱和物理取证指南
2019.07 [4hou] 对Apple Watch的取证分析（续）
2019.07 [eforensicsmag] Case Study: Extracting And Analyzing Messenger Data With Oxygen Forensic Detective | By Nikola Novak
2019.07 [andreafortuna] How to convert a Windows SFS (Dynamic Disks) partition to regular partition for forensic analysis
2019.07 [4hou] Apple TV和Apple Watch的取证分析
2019.07 [arxiv] [1907.01421] Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts
2019.06 [arxiv] [1907.00074] Forensic Analysis of Third Party Location Applications in Android and iOS
2019.06 [elcomsoft] Apple Watch Forensics 02: Analysis
2019.06 [hackers] Network Forensics, Part 2: Packet-Level Analysis of the NSA’s EternalBlue Exploit
2019.06 [elcomsoft] Apple TV and Apple Watch Forensics 01: Acquisition
2019.06 [eforensicsmag] Forensic Analysis of OpenVPN on iOS | By Jack Farley
2019.06 [mac4n6] New Presentation from MacDevOpsYVR 2019 - Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis
2019.06 [eforensicsmag] Forensic Acquisitions over Netcat | By Ali Hadi
2019.06 [arxiv] [1906.10625] Antiforensic techniques deployed by custom developed malware in evading anti-virus detection
2019.06 [h2hconference] Memory anti-anti-forensics in a nutshell - Fuschini & Rodrigues - H2HC 2013
2019.06 [elcomsoft] Forensic Implications of iOS Jailbreaking
2019.06 [arxiv] [1906.05268] Differential Imaging Forensics
2019.06 [eforensicsmag] My Digital Forensic Career Pathway | By Patrick Doody
2019.05 [trailofbits] Using osquery for remote forensics
2019.05 [freebuf] CyberScan：用于数据包取证的渗透工具
2019.05 [HackEXPlorer] Digital Photo Forensics: How To analyze Fake Photos
2019.05 [eforensicsmag] “Most people neglect scrutinizing the basics” - Interview with Divya Lakshmanan, eForensics Instructor
2019.05 [andreafortuna] How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?
2019.05 [MastersInEthicalHacking] Computer Memory Forensic Tutorial
2019.05 [360] 2019 虎鲸杯电子取证大赛赛后复盘总结
2019.05 [eforensicsmag] BLAZESCAN – digital forensic open source tool | By Brian Laskowski
2019.04 [X13Cubed] Free Tools From Magnet Forensics
2019.04 [4hou] 利用LeechAgent对远程物理内存进行取证分析
2019.04 [freebuf] Imago-Forensics：Python实现的图像数字取证工具
2019.04 [andreafortuna] How to extract forensic artifacts from pagefile.sys?
2019.04 [scrtinsomnihack] Dear Blue Team: Forensics Advice to Supercharge your DFIR capabilities by Joe Gray (@c_3pjoe)
2019.04 [eforensicsmag] Instagram Forensics -Windows App Store | By Justin Boncaldo
2019.04 [arxiv] [1904.01725] Using Google Analytics to Support Cybersecurity Forensics
2019.03 [aliyun] Compromised Server–取证挑战
2019.03 [4hou] Windows注册表取证分析
2019.03 [arxiv] [1903.10770] Blockchain Solutions for Forensic Evidence Preservation in IoT Environments
2019.03 [compass] Windows Forensics with Plaso
2019.03 [checkpoint] Check Point Forensic Files: A New Monero CryptoMiner Campaign | Check Point Software Blog
2019.03 [arxiv] [1903.07703] A Survey of Electromagnetic Side-Channel Attacks and Discussion on their Case-Progressing Potential for Digital Forensics
2019.03 [hexacorn] PE Compilation Timestamps vs. forensics
2019.03 [0x00sec] A forensics repo?
2019.03 [crowdstrike] AutoMacTC: Automating Mac Forensic Triage
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (IV)
2019.03 [arxiv] [1904.00734] Forensics Analysis of Xbox One Game Console
2019.03 [ironcastle] Special Webcast: SOF-ELK(R): A Free, Scalable Analysis Platform for Forensic, incident Response, and Security Operations – March 5, 2019 1:00pm US/Eastern
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (III)
2019.03 [freebuf] 你可能没见过的流量取证
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (II)
2019.03 [HackerSploit] Imago Forensics - Image Forensics Tutorial
2019.02 [freebuf] 对恶意树莓派设备的取证分析
2019.02 An Introduction to Exploratory Data Analysis with Network Forensics
2019.02 [htbridge] How to Use an Audit Log to Practice WordPress Forensics
2019.02 [htbridge] How to Use an Audit Log to Practice WordPress Forensics
2019.02 [arxiv] [1903.03061] DIALOG: A framework for modeling, analysis and reuse of digital forensic knowledge
2019.02 [arxiv] [1903.01396] A complete formalized knowledge representation model for advanced digital forensics timeline analysis
2019.02 [bhconsulting] AWS Cloud: Proactive Security and Forensic Readiness – part 5
2019.02 [infosecinstitute] Popular Computer Forensics Top 21 Tools [Updated for 2019]
2019.02 [cybrary] The Cost to Learn Computer Forensics
2019.02 [cybrary] “Ok Google. What is Forensic Analysis?”
2019.02 [360] 从PowerShell内存中提取取证脚本内容
2019.02 [eforensicsmag] How EnCase Software has Been Used Major Crime Cases (Plus how to use EnCase Forensic Imager Yourself) | By Brent Whitfield
2019.01 [4hou] Linux内存取证：解析用户空间进程堆（下）
2019.01 [4hou] Linux内存取证：解析用户空间进程堆（中）
2019.01 [cybrary] Computer Forensics Jobs: How to get a job, and what you should know
2019.01 [4hou] Linux内存取证：解析用户空间进程堆（上）
2019.01 [cybrary] Computer Forensics Jobs: Is it really that difficult to enter the field?
2019.01 [checkpoint] Check Point Forensic Files: GandCrab Returns with Friends (Trojans) | Check Point Software Blog
2019.01 [comae] Leveraging Microsoft Graph API for memory forensics
2019.01 [cybrary] Computer Forensics Jobs: Are there jobs available?
2019.01 [leeholmes] Extracting Forensic Script Content from PowerShell Process Dumps
2019.01 [freebuf] iOS取证技巧：在无损的情况下完整导出SQLite数据库
2019.01 [freebuf] TorPCAP：Tor网络取证分析技术
2019.01 [360] Windows 注册表取证分析
2019.01 [freebuf] Android取证：使用ADB和DD对文件系统做镜像
2019.01 [sans] Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection
2019.01 [fireeye] Digging Up the Past: Windows Registry Forensics Revisited
2019.01 [sans] SANS FOR585 Q&A: Smartphone Forensics - Questions answered
2019.01 [redcanary] Our Automation Solution, Exec, Now Features Forensics, Human Approvals, and More
2019.01 [4hou] CTF取证方法总结
2018.12 [hitbsecconf] #HITB2018DXB: Offensive Memory Forensics - Hugo Teso
2018.12 [4hou] Check Point取证报告：SandBlast客户端能够监测到无文件GandCrab
2018.12 [4hou] Apple FSEvents相关的取证问题总结
2018.12 [checkpoint] Check Point Forensic Files: Fileless GandCrab As Seen by SandBlast Agent | Check Point Software Blog
2018.12 [0x00sec] Anti-forensic and File-less Malware
2018.12 [sans] The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.
2018.12 [eforensicsmag] (Not Quite) Snapchat Forensics | By Gary Hunter
2018.12 [andreafortuna] Android Forensics: imaging android filesystem using ADB and DD
2018.12 [CodeColorist] iOS forensics trick: pull databases w/o full backup
2018.11 [DEFCONConference] DEF CON 26 DATA DUPLICATION VILLAGE - Lior Kolnik - The Memory Remains Cold Drive Memory Forensics
2018.11 [volatility] Malware and Memory Forensics Training in 2019!
2018.11 [eforensicsmag] LOGICUBE INTRODUCES EDUCATIONAL VIDEO SERIES FOR IT’S NEXT-GENERATION FORENSIC IMAGER, FALCON-NEO | from Logicube
2018.11 [mac4n6] Do it Live! Dynamic iOS Forensic Testing
2018.11 [arxiv] [1811.09239] Digital Forensics for IoT and WSNs
2018.11 [n0where] Extract Digital Evidences From Images: Imago-Forensics
2018.11 [andreafortuna] AutoTimeliner: automatically extract forensic timeline from memory dumps
2018.11 [freebuf] PcapXray：一款功能强大的带有GUI的网络取证工具
2018.11 [WildWestHackinFest] Six Sick Systems, One Hour: Investigate with Host Forensics
2018.11 [arxiv] [1811.01629] On the Transferability of Adversarial Examples Against CNN-Based Image Forensics
2018.11 [DEFCONConference] DEF CON 26 VOTING VILLAGE - Carsten Schurmann - A Comprehensive Forensic Analysis of WINVote Voting
2018.11 [arxiv] [1811.00701] Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset
2018.10 [hackers] Network Forensics: Wireshark Basics, Part 2
2018.10 [aliyun] picoCTF2018 Writeup之Forensics篇
2018.10 [aliyun] 取证分析之发现Windows恶意程序执行痕迹
2018.10 [mac4n6] Video Now Available - #DFIRFIT or BUST: A Forensic Exploration of iOS Health Data
2018.10 [insanitybit] Grapl: A Graph Platform for Detection, Forensics, and Incident Response
2018.10 [krypt3ia] Ryan S. Lin: Cyber Stalking, VPN’s and Digital Forensics
2018.10 [pediy] [原创]取证分析之逆向服务器提权开启3389远程连接工具
2018.10 [malwarenailed] Live forensic collection and triage using CyLR, CDQR and Skadi
2018.10 [insinuator] Incident Analysis and Digital Forensics Summit 2018, 14th of November of 2018
2018.10 [SSTecTutorials] USB Forensics - Find History of Connected USB | Data Stolen By USB?
2018.10 [elearnsecurity] Top 5 Skills for a Career in Digital Forensics
2018.10 [eforensicsmag] Threat Intelligence: Taking a Fresh Look at Digital Forensics Backlogs | By Jonathan Zhang
2018.10 [welivesecurity] How to find forensic computer tools for each incident
2018.10 [elcomsoft] iOS Forensics Training in Vienna: 17-19 Oct 2018
2018.10 [andreafortuna] Accessing Volume Shadow Copies within a forensic image
2018.09 [hackers] Network Forensics, Part 2: Detecting and Analyzing a SCADA DoS Attack
2018.09 [hackers] Network Forensics, Wireshark Basics, Part 1
2018.09 [4hou] 如何对苹果设备进行云取证
2018.09 [4hou] 是迫于压力还是心甘情愿？年底之前，苹果将完成和执法机构的取证工作对接
2018.09 [eforensicsmag] Ethics and Forensics- Time To Take A Hard Look | By Marisa Dery
2018.09 [elcomsoft] Cloud Forensics: Why, What and How to Extract Evidence
2018.09 [arxiv] [1809.00745] IoTDots: A Digital Forensics Framework for Smart Environments
2018.09 [bhconsulting] AWS Cloud: Proactive Security and Forensic Readiness – part 4
2018.08 [freebuf] Hindsight：Google ChromeChromium历史访问记录取证工具
2018.08 [arxiv] [1808.01196] Enabling Trust in Deep Learning Models: A Digital Forensics Case Study
2018.08 [eforensicsmag] Tracking Photo’s Geo-location with GPS EXIF DATA – Forensic Analysis | By Bala Ganesh
2018.07 [arxiv] [1807.10436] Emerging from The Cloud: A Bibliometric Analysis of Cloud Forensics Studies
2018.07 [arxiv] [1807.10438] Internet of Things Security and Forensics: Challenges and Opportunities
2018.07 [arxiv] [1807.10445] Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study
2018.07 [arxiv] [1807.10359] B-CoC: A Blockchain-based Chain of Custody for Evidences Management in Digital Forensics
2018.07 [arxiv] [1807.10218] CloudMe Forensics: A Case of Big-Data Investigation
2018.07 [arxiv] [1807.10214] Cloud Storage Forensic: hubiC as a Case-Study
2018.07 [pentesttoolz] Hindsight – Internet History Forensics For Google Chrome/Chromium
2018.07 [arxiv] [1807.08264] Digital forensic investigation of two-way radio communication equipment and services
2018.07 Forensics Quickie: Identifying an Unknown GUID with Shellbags Explorer, Detailing Shell Item Extension Block 0xbeef0026, & Creative Cloud GUID Behavior
2018.07 [fireeye] Leveraging Intelligence with FireEye Network Forensics
2018.07 [NetflixTechBlog] Netflix SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud
2018.07 [Sebdraven] APT Sidewinder: Tricks powershell, Anti Forensics and execution side loading
2018.07 [eforensicsmag] Digital Forensics – Tracking & Target Locating .Jpegs via Metadata (Exif) | By Hector Barquero
2018.07 [4hou] 攻击者从台湾科技公司窃取证书用于Plead恶意软件活动
2018.07 [eforensicsmag] Network Forensics Village | By Alexander Kot
2018.07 [HACKADAY] DataGram - Forensic Locksmithing
2018.07 [pentesttoolz] Guasap – WhatsApp Forensic Tool
2018.07 [hackread] Top 7 Most Popular and Best Cyber Forensics Tools
2018.06 [SecPgh] Tactical, Practical, Digital Forensics - John Grim
2018.06 [freebuf] 记一次服务器被入侵的调查取证
2018.06 [360] 企业APT攻击取证（windows版本）
2018.06 [elcomsoft] iOS Forensic Toolkit 4.0 with Physical Keychain Extraction
2018.06 [countuponsecurity] Digital Forensics – PlugX and Artifacts left behind
2018.06 [pediy] [翻译]WhatsApp取证：对加密数据库进行解密和在尚未被Root的Android设备上提取已删除的消息
2018.06 [X13Cubed] RDP Event Log Forensics
2018.06 [mac4n6] Presentation - #DFIRFIT or BUST: A Forensic Exploration of iOS Health Data (SANS DFIR Summit)
2018.06 [0x00sec] Intro to Digital Forensics [Part 2 - Methodology and Process Models]
2018.06 [SecurityFest] Solomon Sonya - Advanced Memory Forensics NextGen Actionable Threat Intelligence - SecurityFest 2018
2018.06 [andreafortuna] Dumpzilla: a forensic tool to extract information from browsers based on Firefox
2018.06 [andreafortuna] Using MFT anomalies to spot suspicious files in forensic analysis
2018.05 [aliyun] 【取证分析】CentOS_5.5_安装GCC编译LiME
2018.04 [freebuf] 内存取证：查找Metasploit的Meterpreter踪迹
2018.04 [360] 如何通过内存取证技术追踪Metasploit Meterpreter
2018.03 [freebuf] 如何对已损坏的SQLite数据库取证分析？
2018.03 [hackers] Digital Forensics, Part 10: Mobile Forensics (Android)
2018.03 [4hou] 数字取证调查中如何获取网络连接的时间戳？
2018.03 [hackers] Digital Forensics, Part 5: Analyzing the Windows Registry for Evidence
2018.03 [360] WhatsApp取证技术：如何在未Root的Android设备上解密数据库
2018.03 [sec] 网络犯罪调查与电子数据取证
2018.02 [hackers] Network Forensics, Part 1
2018.02 [freebuf] iPhone X未能幸免 | 以色列取证企业发现解锁任意iPhone设备的方法
2018.02 [hackingarticles] Digital Forensics Investigation through OS Forensics (Part 3)
2018.02 [hackingarticles] Convert Virtual Machine to Raw Images for Forensics (Qemu-Img)
2018.01 [hackingarticles] Digital Forensics Investigation through OS Forensics (Part 2)
2018.01 [hackingarticles] Digital Forensics Investigation using OS Forensics (Part1)
2018.01 [hackingarticles] Forensic Imaging through Encase Imager
2018.01 [hackingarticles] Forensic Investigation of Nmap Scan using Wireshark
2018.01 [boredhackerblog] Digital Forensics and Law
2018.01 [hackingarticles] Forensic Data Carving using Foremost
2018.01 [4hou] 云存储服务的数字取证（下）
2018.01 [4hou] 云存储服务的数字取证（上）
2018.01 [hackingarticles] Forensics Tools in Kali
2018.01 [hackingarticles] Network Packet Forensic using Wireshark
2017.12 [cert] GreHack 2017 – Write Up Forensic 400
2017.11 [freebuf] 著名开源网络取证工具Xplico远程未授权RCE漏洞
2017.10 [freebuf] 反取证技术：内核模式下的进程隐蔽
2017.10 [4hou] 内存取证分析的实战演练
2017.10 [n0where] Wireless Monitoring, Intrusion Detection & Forensics: Nzyme
2017.09 [sans] Forensic use of mount --bind
2017.09 [360] PCRT：一款自动化检测修复PNG损坏的取证工具
2017.09 [elcomsoft] New Security Measures in iOS 11 and Their Forensic Implications
2017.08 [freebuf] 内存取证三项CTF赛题详解
2017.08 [aliyun] 威胁猎杀与主动取证
2017.08 [securelayer7] Memory Forensics & Reverse Engineering : Thick Client Penetration Testing – Part 4
2017.08 [freebuf] 详解Windows注册表分析取证
2017.08 [pediy] [翻译]CTF取证类题目指南
2017.07 [aliyun] [ISS 2017]电子数据取证议题分享一：网络犯罪魔与道：过去、现在、未来
2017.07 [aliyun] [ISS 2017]电子数据取证议题分享二：计算机取证，科学?
2017.07 [4hou] BlackHat2017热点之DefPloreX—大规模网络犯罪取证的机器学习工具
2017.07 [trendmicro] DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics
2017.07 [securelist] Bitscout – The Free Remote Digital Forensics Tool Builder
2017.06 [360] 数字取证技术——NTFS更改日志
2017.06 [secist] 22款受欢迎的计算机取证工具
2017.06 [freebuf] 22款受欢迎的计算机取证工具
2017.06 [4hou] 工具推荐：22款最流行的计算机取证工具【2017年更新版】
2017.06 [nicoleibrahim] Apple FSEvents Forensics
2017.06 [freebuf] 基于bro的计算机入侵取证实战分析
2017.06 [n0where] Digital Forensics Platform: Autopsy
2017.05 [360] Linux取证技术实践
2017.05 [countuponsecurity] Digital Forensics – NTFS Change Journal
2017.05 [freebuf] 计算机取证在企业安全中的实际应用
2017.04 [hackingarticles] Mobile Forensics Investigation using Cellebrite UFED
2017.04 [ionize] BSides Canberra 2017 CTF Writeup – Forensics – Capture This Challenge
2017.03 [4hou] 反取证、密码学、逆向工程软件…… 10大最好的网络安全Reddit都在这儿
2017.03 [freebuf] 数字取证技术：Windows内存信息提取
2017.03 [csyssec] 名人课堂-高级数字取证与数据逆向工程
2017.01 [n0where] Open Source File System Digital Forensics: The Sleuth Kit
2017.01 [securestate] CTF Example – Forensics
2017.01 [welivesecurity] Forensic analysis techniques for digital imaging
2017.01 [freebuf] 为保护隐私而生，反取证操作系统：kodachi
2017.01 [n0where] Secure Anti Forensic Anonymous Operating System: kodachi
2016.12 [lightless] SECCON2016取证题WriteUP
2016.11 [hackers] Digital Forensics, Part 8: Live Analysis with sysinternals
2016.11 [hackers] Digital Forensics, Part 7: Browser Forensics
2016.11 [n0where] PowerShell Digital Forensics: PowerForensics
2016.11 [hackers] Digital Forensics, Part 6: Analyzing Windows Pre-fetch Files for Evidence
2016.10 [hackers] Digital Forensics, Part 4: Finding Key Evidence in the Forensic Image
2016.10 [hackers] Digital Forensics, Part 3: Recovering Deleted Files
2016.10 [hackers] Anti-Forensics: How to Clear Evidence Like Hillary Clinton
2016.09 [hackers] Digital Forensics, Part 2: Live Memory Acquisition and Analysis
2016.09 [sans] Back in Time Memory Forensics
2016.09 [hackers] Digital Forensics, Part 1: Capturing a Forensically Sound Image
2016.09 [sans] Windows Events log for IR/Forensics ,Part 2
2016.09 [n0where] Windows Forensic Data Collection: IR-rescue
2016.09 [sans] Windows Events log for IR/Forensics ,Part 1
2016.09 [n0where] Forensic File System Reconstruction: RecuperaBit
2016.08 [n0where] USB Anti Forensic Tool: usbdeath
2016.08 [rapid7] Using Log Data as Forensic Evidence
2016.08 [sans] Looking for the insider: Forensic Artifacts on iOS Messaging App
2016.08 [n0where] OS X Forensic Evidence Collection: OSXCollector
2016.07 [n0where] Incident Response Forensic Framework: nightHawk Response
2016.07 [n0where] Offline Digital Forensics Tool for Binary Files: ByteForce
2016.06 [hackers] Covering your BASH Shell Tracks- Anti-Forensics
2016.06 [rapid7] Trip Report: Techno Security & Forensics Investigations Conference
2016.06 [sans] Performing network forensics with Dshell. Part 2: Decoder development process
2016.05 [sans] Performing network forensics with Dshell. Part 1: Basic usage
2016.05 [n0where] Open Source Intelligence and Forensics : Maltego
2016.04 [sans] An Introduction to Mac memory forensics
2016.04 [n0where] Advanced Forensics File Format: AFF4
2016.03 [sans] Improving Bash Forensics Capabilities
2016.03 [sans] Forensicating Docker, Part 1
2016.03 [hackingarticles] Wifi Forensic Investigation using Wifihistoryview
2016.02 [freebuf] 针对爱尔兰DDoS攻击的取证分析
2016.02 [nsfocus] 加强调查取证，夯实威胁情报基础
2016.02 [360] 新型DDOS攻击分析取证
2016.01 [freebuf] Joy：捕获数据包、分析网络流量数据、网络取证及安全监控工具
2016.01 [freebuf] 分析取证指南：取证工具推荐
2016.01 [sans] toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015.12 [freebuf] 针对国外一款超火约会软件Tinder的取证分析
2015.12 [freebuf] 开源网络取证工具Xplico
2015.11 [secist] 调查取证之图像还原
2015.11 [secist] 调查取证之文字还原
2015.11 [n0where] Network Forensic Analysis Tool: Xplico
2015.11 [n0where] Digital Forensics Distro: CAINE
2015.11 [hackingarticles] Forensic Investigation of Any Mobile Phone with MOBILedit Forensic
2015.10 [hackingarticles] Android Mobile Device Forensics with Mobile Phone Examiner Plus
2015.10 [360] WMI 的攻击，防御与取证分析技术之攻击篇
2015.10 [hackingarticles] How to Create a Forensic Image of Android Phone using Magnet Acquire
2015.10 [hackingarticles] Forensics Investigation of Android Phone using Andriller
2015.10 [hackingarticles] Logical Forensics of an Android Device using AFLogical
2015.10 [hackingarticles] SANTOKU Linux- Overview of Mobile Forensics Operating System
2015.10 [hackingarticles] Forensics Analysis of Pagefile and hibersys File in Physical Memory
2015.09 [hackingarticles] 4 ways Capture Memory for Analysis (Memory Forensics)
2015.09 [hackingarticles] Forensic Investigation of RAW Image using Forensics Explorer (Part 1)
2015.09 [hackingarticles] Forensic Investigation Tutorial Using DEFT
2015.09 [freebuf] “短信拦截马”黑色产业链与溯源取证研究
2015.07 [hackingarticles] Forensics Investigon of RAW Images using Belkasoft Evidence Center
2015.07 [hackingarticles] How to Clone Drive for Forensics Purpose
2015.06 [hackingarticles] Best of Computer Forensics Tutorials
2015.06 [hackingarticles] Forensics Investigation of Deleted Files in a Drive
2015.06 [hackingarticles] Comparison of two Files for forensics investigation by Compare IT
2015.06 [hackingarticles] Live Forensics Case Investigation using Autopsy
2015.06 [hackingarticles] How to Install Digital Forensics Framework in System
2015.06 [hackingarticles] Forensics Investigation of Facebook, Skype, and Browsers in RAW Image using IEF (Internet Evidence Finder)
2015.06 [hackingarticles] How to Create Drive Image for Forensic Purpose using Forensic Replicator
2015.06 [hackingarticles] Outlook Forensics Investigation using E-Mail Examiner
2015.06 [hackingarticles] How to Preserve Forensics Image file Timestamp
2015.05 [hackingarticles] Forensics Investigation of Evidence RAW Image using OS Forensics Tool
2015.05 [hackingarticles] How to Create and Convert RAW Image in Encase and AFF Format using Forensics Imager
2015.05 [hackingarticles] How to Mount Forensics image as a Drive using P2 eXplorer Pro
2015.05 [hackingarticles] How to gather Forensics Investigation Evidence using ProDiscover Basic
2015.05 [hackingarticles] How to study Forensics Evidence of PC using P2 Commander (Part 2)
2015.05 [hackingarticles] How to Collect Forensics Evidence of PC using P2 Commander (Part 1)
2015.05 [hackingarticles] How to Create Forensics Image of PC using R-Drive Image
2015.04 [hackingarticles] Forensic Investigation of victim pc using Autopsy
2015.04 [hackingarticles] Forensic Investigation of any Twitter account
2015.04 [hackingarticles] How to perform Forensic Investigation on user Linkedin Account
2015.04 [hackingarticles] How to Perform Forensic Investigation on YouTube
2015.04 [hackingarticles] Forensic Investigation of any FaceBook Profile
2015.04 [sans] Memory Forensics Of Network Devices
2015.03 [hackingarticles] How to find the usage of files in Remote victim PC (Remote PC Forensics)
2015.03 Web日志取证分析工具
2015.02 电子取证实例：基于磁盘的数据取证
2015.02 [n0where] Forensic Data Extraction: Bulk Extractor
2015.02 从一次取证到反渗透
2015.02 [sans] Another Network Forensic Tool for the Toolbox - Dshell
2015.02 [freebuf] 电子取证实例：基于文件系统的磁盘数据取证分析
2015.01 [n0where] Dshell – Network Forensic Analysis Framework
2015.01 [hackingarticles] How to Collect Email Evidence in Victim PC (Email Forensics)
2015.01 [hackingarticles] Forensics Analysis of Social Media Sites like Facebook, Twitter, LinkedIn
2014.11 [freebuf] Linux入侵取证：从一次应急事件讲起
2014.10 云端博弈——云安全入侵取证及思考
2014.10 [tencent] 云端博弈——云安全入侵取证及思考
2014.10 [sec] 容易被忽略的Anti-APT产品-网络取证工具NFT
2014.08 [n0where] Digital Forensics Toolkit: DEFT
2014.08 [freebuf] FB公开课录像：隐蔽通信（FQ）和侦查取证那些事儿
2014.07 [freebuf] FreeBuf公开课（直播课程）：隐蔽通信（FQ）和侦查取证那些事儿
2014.05 [freebuf] 电子取证之Linux PCI分析
2014.04 [hackingarticles] Hack MOBILedit Forensic 6.9 Registration (Easy Way)
2014.03 [freebuf] 走进计算机取证分析的神秘世界
2014.02 [hackingarticles] Forensics Investigation of Remote PC (Part 2)
2014.02 [hackingarticles] Forensics Investigation of Remote PC (Part 1)
2014.01 [freebuf] 渗透测试中的冷却启动攻击和其他取证技术
2013.12 [pediy] [原创]xls文件取证
2013.11 [n0where] Network Takeover Forensic Analysis: FS-NyarL
2013.05 [sans] Call for Papers - 4th annual Forensics and Incident Response Summit EU
2013.05 [freebuf] 移动设备取证、恶意软件分析和安全测试套件—Santoku
2013.05 [n0where] Mobile Forensics: Santoku
2013.04 [freebuf] 针对取证的GNU/Linux发行版: PALADIN
2013.01 [pediy] [推荐]Android取证和安全测试开放课程
2012.10 [welivesecurity] PC Support Scams: a Forensic View
2012.10 [welivesecurity] Defeating anti-forensics in contemporary complex threats
2012.09 [freebuf] [更新]GUI界面文件信息取证分析工具-FileInfo V6.0
2012.07 [freebuf] 渗透测试、电子取证系统 – Bugtraq-I
2012.07 [freebuf] Iphone取证(一)
2012.06 [freebuf] 开源数字调查/取证工具 – Sleuth Kit v4.0.0 Beta1
2012.05 [freebuf] 数字取证工具包-SIFT
2012.03 [hackingarticles] Antivirus Forensics Tools
2012.02 [hackingarticles] BFT (Browser Forensic Tool )
2012.01 [rapid7] Metasploit Updated: Forensics, SCADA, SSH Public Keys, and More
2012.01 [rapid7] Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering
2011.11 [hackingarticles] How to View Windows system reboot Date and Time (Windows Forensics)
2011.09 [sans] Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011.09 [hackingarticles] Find Last Connected USB on your system (USB Forensics)
2011.09 [hackingarticles] List of Computer Forensics Tools (Part 1)
2010.11 [trendmicro] STUXNET Scanner: A Forensic Tool
2010.09 [sans] Quick Forensic Challenge
2010.06 [sans] New Honeynet Project Forensic Challenge
2010.05 [sans] SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010.05 [sans] 2010 Digital Forensics and Incident Response Summit
2010.04 [sans] Network and process forensics toolset
2010.01 [sans] Forensic challenges
2009.12 [sans] Anti-forensics, COFEE vs. DECAF
2009.08 [sans] Network Forensics Puzzle Contest
2009.08 [sans] Forensics: Mounting partitions from full-disk ‘dd’ images
2009.07 [riusksk] Windows平台下的监控取证技术
2009.07 [pediy] [原创]Windows平台下的取证技术
2008.10 [sans] Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2005.05 [sans] Firefox 1.0.4; DNSSEC Tools; Phisher’s benefit use Google link; Viewing Chat Logs; Web Browser Forensics; Gecko Based Browers HTTP Authentication Prompt Vulnerability
Volatility
- 2019.11 [volatility] Results from the 2019 Volatility Contests are in!
- 2019.10 [volatility] Announcing the Volatility 3 Public Beta!
- 2019.10 [countuponsecurity] Notes on Linux Memory Analysis – LiME, Volatility and LKM’s
- 2019.10 [doyler] BofA Forensics and Volatility for the Win (DerbyCon 9)
- 2019.07 [cristivlad25] Practical Pentesting - How to do Memory Forensics with Volatility - AttackDefense Labs
- 2019.06 [infosecinstitute] Ransomware analysis with Volatility
- 2019.04 [andreafortuna] How to analyze a VMware memory image with Volatility
- 2019.03 [4hou] 基础事件响应中的Volatility工作流程
- 2019.01 [sans] Mac Memory Analysis with Volatility
- 2019.01 [sans] Android Mind Reading - Memory Acquisition and Analysis with LiME and Volatility
- 2019.01 [sans] Volatility Bot
- 2018.11 [volatility] Results from the 2018 Volatility Contests are in!
- 2018.08 [jpcert] Volatility Plugin for Detecting Cobalt Strike Beacon
- 2018.07 [aliyun] 利用Volatility进行入侵痕迹分析
- 2018.07 [andreafortuna] Digital forensics chronicles: image identification issues on large memory dump with Volatility
- 2018.07 [andreafortuna] Finding malware on memory dumps using Volatility and Yara rules
- 2018.05 [pentesttoolz] Linux Screenshot XWindows – Volatility Plugin To Extract X Screenshots From A Memory Dump
- 2018.05 [volatility] The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!
- 2018.05 [pentestingexperts] Memory Forensics Investigation using Volatility (Part 1)
- 2018.05 [cybertriage] Using Volatility in Cyber Triage to Analyze Memory
- 2018.04 [acolyer] Espresso: brewing Java for more non-volatility with non-volatile memory
- 2018.03 [broadanalysis] Guest Blog Post: njRat Analysis with Volatility
- 2018.03 [X13Cubed] Volatility Profiles and Windows 10
- 2018.01 [cydefe] Tools 101: Volatility Usage
- 2018.01 [hackingarticles] Memory Forensics Investigation using Volatility (Part 1)
- 2017.12 [360] 如何使用QEMU和Volatility攻击全盘加密的系统
- 2017.12 [diablohorn] attacking encrypted systems with qemu and volatility
- 2017.11 [pentestingexperts] Stuxnet’s Footprint in Memory with Volatility 2.0
- 2017.11 [volatility] Results from the (5th Annual) 2017 Volatility Plugin Contest are in!
- 2017.10 [sans] Using Yara rules with Volatility
- 2017.10 [4hou] 使用Volatility检测DoublePulsar
- 2017.08 [shelliscoming] DoublePulsar SMB implant detection from Volatility
- 2017.08 [nextplatform] The Ironic – And Fleeting – Volatility In NVM Storage
- 2017.05 [360] 电子取证技术之实战Volatility工具
- 2017.04 [volatility] The (5th Annual) 2017 Volatility Plugin Contest is Live!
- 2017.02 [ponderthebits] OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
- 2017.01 [freebuf] 利用Volatility进行Windows内存取证分析(二)：内核对象、内核池学习小记
- 2017.01 [freebuf] 利用Volatility进行Windows内存取证分析(一)：初体验
- 2016.12 [volatility] The Release of Volatility 2.6
- 2016.12 [volatility] Results from the 2016 Volatility Plugin Contest are in!
- 2016.10 [sans] Volatility Bot: Automated Memory Analysis
- 2016.10 [tisiphone] Using Team Cymru’s MHR with Volatility
- 2016.10 [n0where] Automated Memory Analyzer For Malware Samples: VolatilityBot
- 2016.09 [volatility] Volatility Update: Core team is growing!
- 2016.09 [cysinfo] Detecting Malicious Processes Using Psinfo Volatility Plugin
- 2016.09 [cysinfo] Detecting Deceptive Process Hollowing Techniques Using HollowFind Volatility Plugin
- 2016.08 [linoxide] How to Setup Volatility Tool for Memory Analysis
- 2016.07 [cysinfo] Linux Memory Diff Analysis using Volatility
- 2016.06 [cysinfo] Hunting APT RAT 9002 In Memory Using Volatility Plugin
- 2016.05 [freebuf] 使用VOLATILITY发现高级恶意软件
- 2016.04 [virusbulletin] VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
- 2016.04 [holisticinfosec] toolsmith #115: Volatility Acuity with VolUtility
- 2016.04 [volatility] Airbnb Donates $999 to the 2016 Volatility Plugin Contest!
- 2016.04 [volatility] The 2016 Volatility Plugin Contest is now live!
- 2016.02 [360] 在windows环境下使用Volatility或PE Capture捕捉执行代码（PE/DLL/驱动恶意文件）
- 2016.02 [tribalchicken] Extracting FileVault 2 Keys with Volatility
- 2016.02 [tribalchicken] Extracting FileVault 2 Keys with Volatility
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Overview
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 1: Mimikatz & lsass.exe Dump
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 2: Windows 7 Full Memory Dump & Get Hashes
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 3: WinDBG Mimikatz Extension
- 2016.02 [govolution] Windows Credentials and Memory Dumps – Part 4: Volatility & Mimikatz
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 6: VMWare Workstation
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 7: ESXi Server
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 8: ESXi Attacking Scenario – Volatility on ESXi
- 2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 9: Logging & Monitoring ESXi
- 2016.01 [sans] Some useful volatility plugins
- 2016.01 [metabrik] Malware analysis with VM instrumentation, WMI, winexe, Volatility and Metabrik
- 2015.11 [volatility] Guest Post: Martin Korman (VolatilityBot - An Automated Malicious Code Dumper)
- 2015.11 [tribalchicken] Extracting BitLocker keys with Volatility (PoC)
- 2015.11 [tribalchicken] Extracting BitLocker keys with Volatility (PoC)
- 2015.11 [secist] 调查取证之Volatility框架的使用
- 2015.11 [n0where] Volatile Memory Extraction: The Volatility Framework
- 2015.11 [volatility] PlugX: Memory Forensics Lifecycle with Volatility
- 2015.10 [volatility] Results from the 2015 Volatility Plugin Contest are in!
- 2015.10 [autopsy] The Volatility team talks proactive threat hunting with memory forensics (an OSDFCon presentation)
- 2015.10 [angelalonso] Android Memory Analysis (II) - Extracting the memory and analyzing with Volatility
- 2015.09 [airbuscybersecurity] Volatility plugin for PlugX updated
- 2015.08 [volatility] Volatility Updates Summer 2015
- 2015.07 [volatility] The 2015 Volatility Plugin contest is now live!
- 2015.07 [volatility] Volatility at Black Hat USA & DFRWS 2015!
- 2015.02 [kudelskisecurity] Volatility plugin for Dyre
- 2014.12 [sans] Some Memory Forensic with Forensic Suite (Volatility plugins)
- 2014.10 [volatility] Announcing the 2014 Volatility Plugin Contest Results!
- 2014.09 [volatility] The Volatility Foundation: Fighting for Open Source Forensics
- 2014.09 [volatility] Volatility 2.4 at Blackhat Arsenal - Defeating Truecrypt Disk Encryption
- 2014.09 [volatility] Facebook Donation Doubles the Volatility Plugin Contest Prizes
- 2014.09 [volatility] Heads Up! 2014 Volatility Plugin Contest Deadline Extended!
- 2014.08 [volatility] Volatility 2.4 at Blackhat Arsenal - Reverse Engineering Rootkits
- 2014.08 Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically
- 2014.08 [volatility] Volatility 2.4 at Blackhat Arsenal - Tracking Mac OS X User Activity
- 2014.08 [toolswatch] Volatility v2.4 – Art of Memory Forensics Released
- 2014.08 [volatility] New Volatility 2.4 Cheet Sheet with Linux, Mac, and RTFM
- 2014.08 [volatility] Presenting Volatility Foundation Volatility Framework 2.4
- 2014.07 [volatility] Volatility at Black Hat USA & DFRWS 2014
- 2014.05 [volatility] Volatility - Update All The Things
- 2014.04 [volatility] Volatility Memory Forensics and Malware Analysis Training in Australia!
- 2014.03 [reverse] Teaching Rex another TrustedBSD trick to hide from Volatility
- 2014.03 [mcafee] Timeline of Bitcoin Events Demonstrates Online Currency’s Volatility
- 2014.02 [freebuf] 利用Volatility查找系统中的恶意DLL
- 2014.02 [freebuf] Linux下内存取证工具Volatility的使用
- 2014.02 [volatility] Training by The Volatility Project Now Available In Three Continents!
- 2013.11 [holisticinfosec] Volatility 2.3 and FireEye’s diskless, memory-only Trojan.APT.9002
- 2013.11 [toolswatch] Volatility The advanced memory forensics framework v2.3 available (Support of OSX)
- 2013.10 [volatility] Volatility 2.3 Released! (Official Mac OS X and Android Support)
- 2013.09 [volatility] Leveraging CybOX with Volatility
- 2013.08 [quequero] Quick Volatility overview and R.E. analysis of Win32.Chebri
- 2013.08 [volatility] Results are in for the 1st Annual Volatility Framework Plugin Contest!
- 2013.06 [sans] Volatility rules…any questions?
- 2013.06 [volatility] MOVP II - 4.5 - Mac Volatility vs the Rubilyn Kernel Rootkit
- 2013.05 [volatility] Automated Volatility Plugin Generation with Dalvik Inspector
- 2013.05 [securityintelligence] Zeus Analysis – Memory Forensics via Volatility
- 2013.05 [volatility] MoVP II - 2.3 - Creating Timelines with Volatility
- 2013.05 [volatility] MOVP II - 1.5 - ARM Address Space (Volatility and Android / Mobile)
- 2013.05 [volatility] What’s Happening in the World of Volatility?
- 2013.04 [cyberarms] Volatility Memory Analysis Article Featured in eForensics Magazine
- 2013.03 [volatility] Official Training by Volatility - Reston/VA, June 2013
- 2013.01 [theevilbit] Backtrack Forensics: Memory analysis with volatility
- 2013.01 [volatility] The 1st Annual Volatility Framework Plugin Contest
- 2013.01 [hackingarticles] Volatility – An advanced memory forensics framework
- 2012.12 [volatility] What do Upclicker, Poison Ivy, Cuckoo, and Volatility Have in Common?
- 2012.12 [securityartwork] New MFTParser plugin in the alpha version of Volatility
- 2012.11 [volatility] Windows Memory Forensics Training for Analysts by Volatility Developers
- 2012.10 [volatility] OMFW 2012: Analyzing Linux Kernel Rootkits with Volatility
- 2012.10 [volatility] MoVP for Volatility 2.2 and OMFW 2012 Wrap-Up
- 2012.10 [volatility] Solving the GrrCon Network Forensics Challenge with Volatility
- 2012.10 [volatility] Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
- 2012.09 [volatility] MoVP 3.5: Analyzing the 2008 DFRWS Challenge with Volatility
- 2012.09 [volatility] MoVP 2.5: Investigating In-Memory Network Data with Volatility
- 2012.09 [sans] Volatility: 2.2 is Coming Soon
- 2012.09 [volatility] Month of Volatility Plugins (MoVP)
- 2012.08 [sans] Digital Forensics Case Leads: Identifying TrueCrypt volumes with Volatility, Malware that can sneak into VM’s and more…
- 2012.08 [sans] Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere
- 2012.07 [sans] Digital Forensics Case Leads: Skype acting weird, Mircosoft backdooring Skype! Volatility with x64 support… Facebook censoring chats for criminal activities!? A Russian hacker challenge Apple by bypassing Apple Store authentication mechanism and get apps for free!!! All that and more, this week on Case Leadsâ¦
- 2012.04 [hiddenillusion] YARA + Volatility … the beginning
- 2012.03 [hiddenillusion] Making Volatility work for you
- 2011.10 [quequero] Shylock via volatility
- 2011.09 [holisticinfosec] toolsmith: Memory Analysis with DumpIt and Volatility
- 2011.08 [sans] Digital Forensics Case Leads: SIFT 2.1, Volatility 2.0
- 2011.02 [toolswatch] Volatility The advanced memory forensics framework v1.4 released
- 2011.01 [sans] A Quick Look at Volatility 1.4 RC1 - What’s New?
- 2010.05 [holisticinfosec] Memory forensics with SIFT 2.0, Volatility, and PTK
- 2010.02 [sans] Digital Forensics Case Leads: Volatility and RegRipper, Better Together
- 2009.07 [sans] New Volatility plugins
- 2009.05 [sans] More new volatility plugins
- 2009.04 [windowsir] New Volatility Plugins
- 2009.03 [moyix] Using Volatility for Introspection
- 2009.03 [moyix] RegRipper and Volatility Prototype
- 2008.08 [windowsir] Volatility 1.3 is out!
- 2008.08 [moyix] Volatility 1.3 is out!
Sleuthkit
- 2018.10 [insinuator] Comparison of our tool afro (APFS file recovery) with Blackbag Blacklight and Sleuthkit
- 2011.10 [sans] Digital Forensics Case Leads: Passwords in Wills, Google Chrome a Virus, Cybercrime Unit Saving Money and Updates for Sleuthkit and SSDeep.
- 2011.09 [sans] Shadow Timelines And Other VolumeShadowCopy Digital Forensics Techniques with the Sleuthkit on Windows
- 2005.10 [windowsir] Sleuthkit on Windows
Rekall
- 2019.01 [4hou] 借助Rekall进行内存实时分析
- 2019.01 [sans] Rekall Memory Forensics
- 2018.12 [ironcastle] Live memory analysis using Rekall, (Tue, Dec 25th)
- 2018.12 [sans] Live memory analysis using Rekall
- 2018.01 [rekall] ELF hacking with Rekall
- 2017.08 [rekall] Rekall Agent Alpha launch
- 2017.07 [insinuator] Release of Glibc Heap Analysis Plugins for Rekall
- 2016.10 [rekall] The Rekall Agent Whitepaper
- 2015.11 [toolswatch] Rekall The Memory Forensic Framework
- 2015.10 [holisticinfosec] toolsmith #109: CapLoader network carving from Rekall WinPmem Memory Image
- 2015.05 [holisticinfosec] toolsmith: Attack & Detection: Hunting in-memory adversaries with Rekall and WinPmem
- 2015.02 [n0where] Rekall Memory Forensic Framework
- 2014.03 [sans] Linux Memory Dump with Rekall

Source: peerlyst

Continue Reading…Remaining Part In My Reply!

ENJOY & HAPPY LEARNING!

Feedback if you appreciate the share. Cheers!

SaM · March 10, 2020, 4:08pm

Expand & Continue Reading........

Tools

Recent Add

[ 5208 Star][7m] [Py] usarmyresearchlab/dshell Dshell is a network forensic analysis framework.
[ 3337 Star][11d] [Py] google/grr remote live forensics for incident response
[ 1912 Star][13d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
[ 1227 Star][12d] [Py] google/timesketch Collaborative forensic timeline analysis
[ 1155 Star][4m] [Go] mozilla/mig Distributed & real time digital forensics at the speed of the cloud
[ 1024 Star][13d] [Py] ondyari/faceforensics Github of the FaceForensics dataset
[ 1017 Star][12d] [Rich Text Format] decalage2/oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
[ 949 Star][2y] [C#] invoke-ir/powerforensics PowerForensics provides an all in one platform for live disk forensic analysis
[ 883 Star][2m] [C] cisco/joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
[ 832 Star][27d] [Py] yampelo/beagle an incident response and digital forensics tool which transforms security logs and data into graphs.
[ 791 Star][4m] [Py] srinivas11789/pcapxray visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
[ 762 Star][2m] [Py] snovvcrash/usbrip Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux
[ 544 Star][1m] [Go] biggiesmallsag/nighthawkresponse Incident Response Forensic Framework
[ 485 Star][26d] [Py] netflix-skunkworks/diffy a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
[ 429 Star][3m] [Py] obsidianforensics/hindsight Internet history forensics for Google Chrome/Chromium
[ 419 Star][20d] [Py] forensicartifacts/artifacts Digital Forensics Artifact Repository
[ 395 Star][2y] [PS] cryps1s/darksurgeon a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
[ 392 Star][11m] [Go] mozilla/masche MIG Memory Forensic library
[ 381 Star][5y] [JS] le4f/pcap-analyzer online pcap forensic
[ 349 Star][3m] [Shell] orlikoski/skadi collection, processing and advanced analysis of forensic artifacts and images.
[ 324 Star][11m] [Py] alessandroz/lazagneforensic Windows passwords decryption from dump files
[ 320 Star][2y] [C] fireeye/rvmi A New Paradigm For Full System Analysis
[ 316 Star][12d] [Py] google/turbinia Automation and Scaling of Digital Forensics Tools
[ 303 Star][2m] [Shell] vitaly-kamluk/bitscout Remote forensics meta tool
[ 295 Star][3y] invoke-ir/forensicposters 多种数据结构图解：MBR/GPT/…
[ 274 Star][13d] [Perl] owasp/o-saft OWASP SSL advanced forensic tool
[ 268 Star][3y] [Py] ghirensics/ghiro Automated image forensics tool
[ 263 Star][7m] [Batchfile] diogo-fernan/ir-rescue A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
[ 260 Star][1m] [Py] google/docker-explorer A tool to help forensicate offline docker acquisitions
[ 252 Star][1y] [C++] comaeio/swishdbgext Incident Response & Digital Forensics Debugging Extension
[ 247 Star][1m] [Py] orlikoski/cdqr a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
[ 245 Star][1y] [Py] crowdstrike/forensics Scripts and code referenced in CrowdStrike blog posts
[ 233 Star][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
[ 225 Star][3m] [Py] crowdstrike/automactc Automated Mac Forensic Triage Collector
[ 224 Star][4y] [Java] nowsecure/android-forensics Open source Android Forensics app and framework
[ 213 Star][2y] [C#] shanek2/invtero.net A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
[ 202 Star][11m] [Py] medbenali/cyberscan Network’s Forensics ToolKit
[ 191 Star][2m] [Py] lazza/recuperabit A tool for forensic file system reconstruction.
[ 177 Star][11d] [Py] markbaggett/srum-dump A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
[ 176 Star][4y] [Py] csababarta/ntdsxtract Active Directory forensic framework
[ 168 Star][2y] [Py] monrocoury/forensic-tools A collection of tools for forensic analysis
[ 162 Star][6m] [Py] cvandeplas/elk-forensics ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)
[ 162 Star][2m] [C++] gregwar/fatcat FAT filesystems explore, extract, repair, and forensic tool
[ 158 Star][2m] [Py] travisfoley/dfirtriage Digital forensic acquisition tool for Windows based incident response.
[ 154 Star][9m] [Py] vikwin/pcapfex ‘Packet Capture Forensic Evidence eXtractor’ is a tool that finds and extracts files from packet capture files
[ 150 Star][4m] [Py] stuhli/dfirtrack The Incident Response Tracking Application
[ 149 Star][4y] [Py] arxsys/dff a Forensics Framework coming with command line and graphical interfaces.
[ 146 Star][2y] [Py] davidpany/wmi_forensics scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files
[ 141 Star][2m] [C++] dfir-orc/dfir-orc Forensics artefact collection tool for systems running Microsoft Windows
[ 139 Star][2y] [Py] jrbancel/chromagnon Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
[ 131 Star][2m] [Py] benjeems/packetstrider A network packet forensics tool for SSH
[ 131 Star][2m] [Py] log2timeline/dfvfs Digital Forensics Virtual File System (dfVFS)
[ 123 Star][3y] [PS] silverhack/voyeur generate a fast (and pretty) Active Directory report.
[ 122 Star][3m] [Py] redaelli/imago-forensics a python tool that extract digital evidences from images.
[ 119 Star][2y] [PS] javelinnetworks/ir-tools forensics of domain based attacks on an infected host
[ 118 Star][13d] [Py] domainaware/parsedmarc A Python package and CLI for parsing aggregate and forensic DMARC reports
[ 115 Star][1y] [Shell] theflakes/ultimate-forensics-vm Evolving directions on building the best Open Source Forensics VM
[ 113 Star][1y] [C#] damonmohammadbagher/meterpreter_payload_detection Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
[ 112 Star][8m] [PHP] xplico/xplico Open Source Network Forensic Analysis Tool (NFAT)
[ 108 Star][5y] [Py] mspreitz/adel dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow
[ 108 Star][3y] projectretroscope/retroscope Public release of the RetroScope Android memory forensics framework
[ 99 Star][2y] [Py] trendmicro/defplorex defplorex for BlackHat Arsenal
[ 98 Star][6y] [Py] matonis/page_brute a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by appying YARA-based signatures to fix-sized blocks of pagefile.sys
[ 97 Star][5m] [Py] woanware/usbdeviceforensics Python script for extracting USB information from Windows registry hives
[ 96 Star][1m] [Py] airbus-cert/regrippy a framework for reading and extracting useful forensics data from Windows registry hives
[ 96 Star][2y] [JS] anttikurittu/kirjuri a web application for managing cases and physical forensic evidence items.
[ 93 Star][20d] [Py] log2timeline/dftimewolf A framework for orchestrating forensic collection, processing and data export
[ 88 Star][6m] [Go] coinbase/dexter Forensics acquisition framework designed to be extensible and secure
[ 87 Star][2y] [C++] google/aff4 The Advanced Forensic File Format
[ 86 Star][2y] [Py] cheeky4n6monkey/4n6-scripts Forensic Scripts
[ 85 Star][6m] [Py] quantika14/guasap-whatsapp-foresincs-tool WhatsApp Forensic Tool
[ 79 Star][3m] [Py] google/giftstick 1-Click push forensics evidence to the cloud
[ 78 Star][3y] [C++] jeffbryner/nbdserver Network Block Device Server for windows with a DFIR/forensic focus.
[ 78 Star][2y] [Py] trolldbois/python-haystack Process heap analysis framework - Windows/Linux - record type inference and forensics
[ 74 Star][2y] [Py] busindre/dumpzilla Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers
[ 73 Star][2y] [C++] kasperskylab/forensicstools Tools for DFIR
[ 64 Star][2y] [Py] darkquasar/wmi_persistence A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
[ 64 Star][1y] [Py] ralphje/imagemounter Command line utility and Python package to ease the (un)mounting of forensic disk images
[ 63 Star][3m] [C] carmaa/interrogate a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
[ 63 Star][2y] [Shell] yukinoshita47/pentest-tools-auto-installer Tool sederhana buat install tool-tool pentest dan forensic bagi pengguna linux yang jenis nya non-pentest OS
[ 61 Star][4y] [Py] sysinsider/usbtracker Quick & dirty coded incident response and forensics python script to track USB devices events and artifacts in a Windows OS (Vista and later).
[ 53 Star][5y] [Py] osandamalith/chromefreak A Cross-Platform Forensic Framework for Google Chrome
[ 50 Star][10d] [PS] s3cur3th1ssh1t/creds Some usefull Scripts and Executables for Pentest & Forensics
[ 46 Star][3y] [PS] n3l5/irfartpull PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.
[ 46 Star][1y] [Py] sentenza/gimp-ela A JPEG Error Level Analysis forensic plugin for the GNU Image Manipulation Program (GIMP)
[ 46 Star][8m] [YARA] xumeiquer/yara-forensics Set of Yara rules for finding files using magics headers
[ 43 Star][4m] [TSQL] abrignoni/dfir-sql-query-repo Collection of SQL query templates for digital forensics use by platform and application.
[ 43 Star][2y] [C#] zacbrown/hiddentreasure-etw-demo Basic demo for Hidden Treasure talk.
[ 42 Star][11d] [Py] simsong/dfxml Digital Forensics XML project and library
[ 40 Star][2y] [HTML] scorelab/androphsy An Open Source Mobile Forensics Investigation Tool for Android Platform
[ 39 Star][4y] [AutoIt] ajmartel/irtriage Incident Response Triage - Windows Evidence Collection for Forensic Analysis
[ 38 Star][2y] [C] adulau/dcfldd enhanced version of dd for forensics and security
[ 38 Star][2y] [Py] ytisf/muninn A short and small memory forensics helper.
[ 37 Star][10m] [Py] att/docker-forensics Tools to assist in forensicating docker
[ 36 Star][5y] [Py] eurecom-s3/actaeon Memory forensics of virtualization environments
[ 35 Star][8m] [Py] am0nt31r0/osint-search Useful for digital forensics investigations or initial black-box pentest footprinting.
[ 33 Star][2y] [C] weaknetlabs/byteforce Offline Digital Forensics Tool for Binary Files
[ 32 Star][1y] [Py] andreafortuna/autotimeliner Automagically extract forensic timeline from volatile memory dump
[ 31 Star][7y] [Perl] appliedsec/forensicscanner Forensic Scanner
[ 31 Star][2y] [Py] bltsec/violent-python3 Python 3 scripts based on lessons learned from Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O’Connor.
[ 31 Star][5y] [Py] madpowah/forensicpcap a Python Network Forensic tool to analyze a PCAP file.
[ 28 Star][6y] [Py] c0d3sh3lf/android_forensics Bypassing Android Pattern Lock
[ 27 Star][3y] [Java] animeshshaw/chromeforensics A tool to perform automated forensic analysis of Chrome Browser.
[ 26 Star][4y] [Py] cyberhatcoil/acf Android Connections Forensics
[ 24 Star][7y] [Ruby] chrislee35/flowtag FlowTag visualizes pcap files for forensic analysis
[ 24 Star][3y] [Py] forensicmatt/pancakeviewer A DFVFS Backed Forensic Viewer
[ 23 Star][3m] [Pascal] nannib/imm2virtual This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
[ 22 Star][2y] [C] lorecioni/imagesplicingdetection Illuminant inconsistencies for image splicing detection in forensics
[ 22 Star][1y] [C] paul-tew/lifer Windows link file forensic examiner
[ 22 Star][3m] [Py] circl/forensic-tools CIRCL system forensic tools or a jumble of tools to support forensic
[ 21 Star][2y] [Py] harris21/afot Automation Forensics Tool for Windows
[ 20 Star][5y] [JS] jonstewart/sifter Indexed search and clustering tool for digital forensics
[ 19 Star][3y] [Py] lukdog/backtolife Memory forensic tool for process resurrection starting from a memory dump
[ 18 Star][3y] [C++] nshadov/screensaver-mouse-jiggler Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)
[ 18 Star][20d] [Py] sekoialab/fastir_artifacts Live forensic artifacts collector
[ 17 Star][Java] marten4n6/email4n6 A simple cross-platform forensic application for processing email files.
[ 16 Star][9m] [Smarty] forensenellanebbia/xways-forensics Personal settings for X-Ways Forensics
[ 15 Star][2m] [Dockerfile] bitsofinfo/comms-analyzer-toolbox Tool for forensic analysis, search and graphing of communications content such as email MBOX files and CSV text message data using Elasticsearch and Kibana
[ 13 Star][10m] [Shell] matthewclarkmay/ftriage Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
[ 13 Star][1y] theresafewconors/file-system-forensics Repo for Reports on forensic analysis of various File Systems (NoWare to Hide)
[ 11 Star][3y] [Py] nipunjaswal/wireless-forensics-framework Wireless Forensics Framework In Python
[ 11 Star][1y] [C++] shujianyang/btrforensics Forensic Analysis Tool for Btrfs File System.
[ 10 Star][2y] [PS] b2dfir/b2response Logged PS Remote Command Wrapper for Blue Team Forensics/IR
[ 10 Star][3y] [Py] sekoialab/fastir_server The FastIR Server is a Web server to schedule FastIR Collector forensics collect thanks to the FastIR Agent
[ 9 Star][10m] [Perl] randomaccess3/4n6_stuff Git for me to put all my forensics stuff
[ 9 Star][8y] [Perl] superponible/search-strings-extension srch_strings is a useful tool in digital forensics. Using the “-t d” option will give a byte location for the string. This repository contains two scripts that automatically map the byte location to the filesystem block containing the string.
[ 9 Star][1y] [Py] svelizdonoso/logfishh Logs Forensic Investigator SSH
[ 9 Star][7y] [JS] thinkski/vinetto Forensic tool for examining Thumbs.db files
[ 8 Star][7y] [Py] agnivesh/aft [Deprecated] Android Forensic Toolkit
[ 8 Star][2y] asiamina/a-course-on-digital-forensics A course on “Digital Forensics” designed and offered in the Computer Science Department at Texas Tech University
[ 8 Star][2m] [PS] tvfischer/ps-srum-hunting PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
[ 7 Star][4m] [PS] 1cysw0rdk0/whodunnit A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
[ 7 Star][3y] dfax/dfax (DEPRECATED) Digital Forensic Analysis eXpression
[ 7 Star][1y] [Py] dlcowen/testkitchen Scripts from The Forensic Lunch Test Kitchen segments
[ 7 Star][3y] [Py] maurermj08/vftools An open source forensic toolkit built on dfVFS
[ 7 Star][2y] [Rust] rustensic/prefetchkit A powerful forensic commandline tool for analyzing Microsoft Prefetch files.
[ 7 Star][2y] socprime/muddywater-apt an APT group that has been active throughout 2017
[ 6 Star][4y] [C#] alphadelta/clearbytes Data forensic tool
[ 6 Star][6m] [Shell] hestat/calamity A script to assist in processing forensic RAM captures for malware triage
[ 5 Star][1y] [Shell] kpcyrd/booty Minimal forensic/exfiltration/evil-maid/rescue live boot system
[ 5 Star][8m] zmbf0r3ns1cs/bf-elk Burnham Forensics ELK Deployment Files
[ 5 Star][9m] [Py] obsidianforensics/scripts Small scripts and POCs related to digital forensics
[ 4 Star][5m] [Py] bradley-evans/cfltools A logfile analysis tool for cyberforensics investigators.
[ 4 Star][3y] jaredthecoder/codestock2017-stuxnet-forensic-analysis Slides and demo script for my talk at Codestock 2017
[ 4 Star][3y] [Py] rotenkatz/ecos_romfs_unpacker It is a simple ecos ROMFS unpacker for forensics and firmware analysis needs
[ 3 Star][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
[ 3 Star][1y] [Py] inp2/sherlock a digital forensic analysis toolkit that relies on graph theory, link analysis, and probabilistic graphical models in order to aid the examiner in digital forensic investigations.
[ 2 Star][2y] [Py] edisonljh/hadoop_ftk Hadoop File System Forensics Toolkit
[ 2 Star][C] enrico204/unhide A fork of original “unhide” forensics tool from SourceForge CVS
[ 2 Star][4m] [Py] docker-forensics-toolkit/toolkit A toolkit for the post-mortem examination of Docker containers from forensic HDD copies
[ 2 Star][1m] [Py] thebeanogamer/hstsparser A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
[ 1 Star][3m] [Go] cdstelly/nugget A Domain Specific Language for Digital Forensics
[ 1 Star][3y] [C++] colinmckaycampbell/rapidfilehash Fast and powerful SHA256 hashing for malware detection and digital forensics.
[ 1 Star][6m] [Py] pagabuc/atomicity_tops Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
[ 1 Star][2y] [Py] trolldbois/python-haystack-reverse Memory forensics data structure reversing
[ 0 Star][4y] bedazzlinghex/disk-analysis Contains tools to perform malware and forensic analysis on disk
[ 0 Star][3y] [C] irq8/trackercat A GPS Forensics Utility to Parse GPX Files
LinuxDistro
- [ 127 Star][11m] [Shell] wmal/kodachi Linux Kodachi operating system, based on Xubuntu 18.04, provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
- [ 104 Star][6y] santoku/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
- [ 13 Star][4y] nelenkov/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
Resource Collection
- [ 3230 Star][14d] [Rich Text Format] the-art-of-hacking/h4cker thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
- [ 841 Star][2m] cugu/awesome-forensics A curated list of awesome forensic analysis tools and resources
- [ 265 Star][10d] [Py] den4uk/andriller a collection of forensic tools for smartphones
- [ 76 Star][3m] ivbeg/awesome-forensicstools Awesome list of digital forensic tools
- [ 12 Star][27d] gaurav-gogia/dftools A curated list of digital forensic tools.
- [ 10 Star][4y] [Py] randomsctf/ctf-scripts A collection of short scripts for analysis, encryption and forensics, that can be used for CTF and/or security assessments
- [ 8 Star][26d] [Shell] kbnlresearch/forensicimagingresources resources and documentation related to an effort at setting up an experimental small-scale forensic imaging facility.
- [ 4 Star][2y] netseclab/paper_for_digital_forensics This is a collection of papers, codes, issues for digital forensics.
- [ 2 Star][2y] kanglib/edu_for A cheat sheet for digital forensics
Volatility
- [ 3276 Star][3m] [Py] volatilityfoundation/volatility An advanced memory forensics framework
- [ 326 Star][9m] [Py] jasonstrimpel/volatility-trading A complete set of volatility estimators based on Euan Sinclair’s Volatility Trading
- [ 293 Star][3y] [Py] kevthehermit/volutility Web App for Volatility framework
- [ 226 Star][3m] [Py] volatilityfoundation/profiles Volatility profiles for Linux and Mac OS X
- [ 222 Star][2y] [JS] jameshabben/evolve Web interface for the Volatility Memory Forensics Framework
- [ 220 Star][1m] [Py] volatilityfoundation/community Volatility plugins developed and maintained by the community
- [ 217 Star][3y] [Py] mkorman90/volatilitybot An automated memory analyzer for malware samples and memory dumps
- [ 197 Star][11d] [Py] jpcertcc/malconfscan Volatility plugin for extracts configuration data of known malware
- [ 171 Star][2m] [Py] gleeda/memtriage Allows you to quickly query a Windows machine for RAM artifacts
- [ 162 Star][2y] [Py] aim4r/voldiff Malware Memory Footprint Analysis based on Volatility
- [ 149 Star][21d] [Py] volatilityfoundation/volatility3 Volatility 3.0 development
- [ 131 Star][8m] [Py] kd8bny/limeaide A python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host.
- [ 130 Star][4y] [Py] elceef/bitlocker Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key)
- [ 90 Star][5m] [Py] tomchop/volatility-autoruns Autoruns plugin for the Volatility framework
- [ 76 Star][2y] [Py] superponible/volatility-plugins Plugins I’ve written for Volatility
- [ 71 Star][3y] [Py] monnappa22/hollowfind a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques
- [ 61 Star][3y] [Py] fireeye/volatility-plugins plugins for the Volatility Framework.
- [ 44 Star][3y] [Py] tribalchicken/volatility-filevault2 Volatility plugin to extract FileVault 2 VMK’s
- [ 43 Star][6y] [Py] sketchymoose/totalrecall Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to find badness.
- [ 43 Star][3y] [Py] tylerha97/findevil Volatility plugin to find evil
- [ 40 Star][3m] [Py] fireeye/win10_volatility An advanced memory forensics framework
- [ 39 Star][4y] [Py] takahiroharuyama/openioc_scan openioc_scan Volatility Framework plugin
- [ 38 Star][3y] [Py] cysinfo/pymal PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility.
- [ 38 Star][3y] [Py] kevthehermit/volatility_plugins Volatility Plugins
- [ 33 Star][1y] [Py] eset/volatility-browserhooks Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
- [ 32 Star][4y] [Py] csababarta/volatility_plugins Volatility plugins created by the author
- [ 32 Star][2y] [Py] eurecom-s3/linux_screenshot_xwindows Volatility plugin to extract X screenshots from a memory dump
- [ 29 Star][2y] [Py] tribalchicken/volatility-bitlocker Volatility plugin to extract BitLocker Full Volume Encryption Keys (FVEK)
- [ 28 Star][5y] [Py] phaeilo/vol-openvpn A Volatility plugin to extract credentials from the memory of a OpenVPN client.
- [ 25 Star][2m] [Py] cube0x8/chrome_ragamuffin Google Chrome internals analysis using Volatility
- [ 22 Star][4y] [Py] monnappa22/linux_mem_diff_tool Script to perform Linux Memory Diff Analysis Using Volatility
- [ 22 Star][1y] [Py] sebastienbr/volatility Utilities for the memory forensics framework
- [ 22 Star][5y] [Py] siliconblade/volatility volatility
- [ 21 Star][6y] [Py] carlpulley/volatility A collection of Volatility Framework plugins.
- [ 21 Star][2y] [Py] kslgroup/threadmap threadmap plugin for Volatility Foundation
- [ 20 Star][5y] kdpryor/linuxvolprofiles Volatility Linux Profiles
- [ 19 Star][3y] [Py] monnappa22/psinfo Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related informa…
- [ 18 Star][3y] [Py] bridgeythegeek/editbox EditBox is a plugin for the Volatility Framework. It extracts the text from Windows Edit controls, that is, textboxes as generated by Windows Common Controls.
- [ 18 Star][2y] iabadia/volatility-plugin-tutorial Development guide for Volatility Plugins
- [ 17 Star][6y] [Py] dutchy-/volatility-plugins Container for assorted volatility plugins.
- [ 16 Star][1y] [Py] andreafortuna/malhunt Hunt malware with Volatility
- [ 16 Star][4m] [Dockerfile] blacktop/docker-volatility Volatility Dockerfile
- [ 16 Star][2y] [Py] borjamerino/doublepulsar-volatility Volatility plugin to help identify DoublePulsar implant by listing the array of pointers SrvTransaction2DispatchTable from the srv.sys driver.
- [ 16 Star][6m] [Py] mbrown1413/sqlitefind A Volatility plugin for finding sqlite database rows
- [ 13 Star][12m] [Py] citronneur/volatility-wnf Browse and dump Windows Notification Facilities
- [ 12 Star][6y] [Py] jeffbryner/volatilityplugins My volatility Plugins
- [ 11 Star][4y] [Py] 4armed/volatility-attributeht
- [ 11 Star][5y] [Py] tomspencer/volatility Volatility stuff
- [ 11 Star][5y] [Py] kudelskisecurity/volatility-plugins Volatility plugins
- [ 10 Star][2y] [Py] circl/volatility-misp Volatility plugin to interface with MISP
- [ 9 Star][1m] [Py] dhondta/appmemdumper Forensics triage tool relying on Volatility and Foremost
- [ 9 Star][11m] [Py] pengjin2/derbit-volatility-visulization Visualization Tool for Deribit Options
- [ 9 Star][5m] [MATLAB] tommasobelluzzo/historicalvolatility A framework for historical volatility estimation and analysis.
- [ 8 Star][3y] [Py] martink90/volatilitybot_public
- [ 8 Star][6y] [C#] andy5876/volatility-plugin-manager GUI interface for Volatility
- [ 8 Star][1y] [Py] countercept/volatility-plugins
- [ 8 Star][2y] [C] lixingchen12138/libvmi-volatility-master 虚拟机带外内存监控
- [ 8 Star][3m] [Py] swelcher/vol2log 解析Volatility Json格式输出并导入至Graylog
- [ 7 Star][4y] [Py] bridgeythegeek/ndispktscan NDISPktScan is a plugin for the Volatility Framework. It parses the Ethernet packets stored by ndis.sys in Windows kernel space memory.
- [ 7 Star][4m] [Java] esterhlav/black-scholes-option-pricing-model Black Scholes Option Pricing calculator with Greeks and implied volatility computations. Geometric Brownian Motion simulator with payoff value diagram and volatility smile plots. Java GUI.
- [ 7 Star][1y] mattnotmax/volatility_mind_map A Volatility command reference mind map
- [ 5 Star][2y] [R] niki864/volatilityanalysisbitcoin A technical analysis of price volatility in bitcoins for a over a year using 6 hour intervals
- [ 4 Star][6m] [Py] carlospolop/autovolatility Run several volatility plugins at the same time
- [ 4 Star][3y] [HTML] luisdamiano/rfinance17 Presentation and notebook for the lightning talk A Quick Intro to Hidden Markov Models Applied to Stock Volatility presented in R/Finance 2017.
- [ 3 Star][2y] [R] prodipta/bsoption Package for option pricing and volatility calibration for index (and FX) options
- [ 2 Star][7m] [PHP] yegor256/volatility The Calculator of the Source Code “Volatility” Metric
- [ 1 Star][2y] [Py] samduy/volatility-uclinux Volatility profile for uclinux
- [ 1 Star][2m] [Py] mdenzel/acpi-rootkit-scan volatility plugin to detect ACPI rootkits
- [ 1 Star][11m] [Py] tazwake/volatility-plugins Learning volatility plugins.
- [ 1 Star][7m] [Py] angelomirabella/linux_coredump Volatility plugin that attempts to create a core dump file starting from the memory of a Linux process
- [ 1 Star][4m] [Py] kslgroup/winobj A volatility plugin to parse Object Directories
- [ 0 Star][5y] mohandattatreya/4n6k_volatility_installer Installs Volatility 2.4 (+ all dependencies) for Ubuntu (+ other APT-based distros) with one command.
- [ 0 Star][19d] [Py] orchechik/ropfind Volatility Plugins to find rop gadgets in Windows and Linux physical memory dumps.
- [ 0 Star][4m] [Py] kslgroup/tokenimp-token_impersonation_detection A volatility plugin to detect Token Impersonation
sleuthkit
- [ 1482 Star][11d] [C] sleuthkit/sleuthkit a library and collection of command line digital forensics tools that allow you to investigate volume and file system data.
- [ 840 Star][9d] [Java] sleuthkit/autopsy a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
- [ 26 Star][2m] blackbagtech/sleuthkit-apfs A fork of The Sleuthkit with Pooled Storage and APFS support. See
- [ 6 Star][3y] [Pascal] nannib/nbtempow a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.
- [ 1 Star][3m] [Shell] nannib/nbtempo a GUI (Graphical User Interface) Bash script for making files timelines and reporting them in CSV (electronic sheet) format.
Rekall
- [ 1522 Star][10m] [Py] google/rekall Rekall Memory Forensic Framework
- [ 82 Star][1y] [HTML] google/rekall-profiles Public Profile Repository for Rekall Memory Forensic.
- [ 5 Star][4y] bmaia/rekall-profiles Rekall Memory Forensic Linux Profiles
- [ 2 Star][25d] [Py] f-block/rekall-plugins
bulk_extractor
- [ 391 Star][19d] [C++] simsong/bulk_extractor bulk_extractor
- [ 11 Star][3y] [Java] nps-deep/sectorscope A GUI for viewing block hashes found using hashdb and bulk_extractor
- [ 0 Star][2y] [Lex] thomaslaurenson/irdnumberscanner A bulk_extractor scanner plug-in to detect and validate Inland Revenue (IRD) Numbers
Anti-Forensic
- [ 2736 Star][3y] [Py] hephaest0s/usbkill an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
- [ 339 Star][2y] [C] natebrune/silk-guardian an anti-forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
- [ 78 Star][2y] [C] elfmaster/saruman ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
- [ 67 Star][3y] [Shell] trpt/usbdeath anti-forensic tool that writes udev rules for known usb devices and do some things at unknown usb insertion or specific usb device removal
- [ 35 Star][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilties.
- [ 20 Star][3y] [Py] ncatlin/lockwatcher Anti-forensic monitor program: watches for signs of tampering and purges keys/shuts everything down.
- [ 15 Star][1y] [C#] thereisnotime/xxusbsentinel Windows anti-forensics USB monitoring tool.
- [ 12 Star][5y] [C#] maldevel/clearlogs Clear All Windows System Logs - AntiForensics
- [ 11 Star][3y] [Shell] phosphore/burn [WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles
macOS
- [ 3071 Star][10m] [JS] jipegit/osxauditor OS X Auditor is a free Mac OS X computer forensics tool
- [ 1695 Star][6m] [Py] yelp/osxcollector A forensic evidence collection & analysis toolkit for OS X
- [ 445 Star][2y] [ObjC] aburgh/disk-arbitrator A Mac OS X forensic utility which manages file system mounting in support of forensic procedures.
- [ 317 Star][9m] [Py] n0fate/chainbreaker Mac OS X Keychain Forensic Tool
- [ 197 Star][1y] [Py] pstirparo/mac4n6 Collection of forensics artifacs location for Mac OS X and iOS
- [ 38 Star][10d] [Py] ydkhatri/macforensics Scripts to process OSX forensic artifacts
- [ 16 Star][1y] mrmugiwara/ftk-imager-osx FTK Imager a Forensics Tools For MAC OS X
iOS
- [ 33 Star][2m] [Py] cheeky4n6monkey/ios_sysdiagnose_forensic_scripts Scripts to parse various iOS sysdiagnose logs. Based upon the forensic research of Mattia Epifani, Heather Mahalik and Cheeky4n6monkey.
- [ 28 Star][6y] [Py] flo354/iosforensic iOS forensic tool
Linux
- [ 320 Star][5m] [HTML] intezer/linux-explorer Easy-to-use live forensics toolbox for Linux endpoints
- [ 295 Star][1y] [Shell] sevagas/swap_digger a tool used to automate Linux swap analysis during post-exploitation or forensics.
- [ 102 Star][2m] ashemery/linuxforensics Everything related to Linux Forensics
- [ 36 Star][4y] [Shell] pwnagentsmith/ir_tool Script for Forensic on Linux
- [ 34 Star][2y] [Py] google/amt-forensics Retrieve Intel AMT’s Audit Log from a Linux machine without knowing the admin user’s password.
- [ 26 Star][2y] packtpublishing/digital-forensics-with-kali-linux Digital Forensics with Kali Linux, published by Packt
- [ 10 Star][3y] [C] t0t3m/afkit Anti live forensic linux LKM rootkit
- [ 3 Star][2y] [Pascal] esperti/nbtempox a GNU-Linux forensic tool for making timelines (in CSV format) from block devices image files (raw, ewf,physicaldrive, etc.)

Source : alphaSeclab ( https://github.com/alphaSeclab )

ENJOY & HAPPY LEARNING!

JovialH4ckr · March 10, 2020, 4:38pm

This is an entire library. Thanks.

Ajisafe_Eniola · March 11, 2020, 10:26am

Thank you very much for this masterpiece

maester · March 11, 2020, 12:20pm

Holy Grail of forensic analysis !!!

techiemax8 · March 11, 2020, 2:04pm

Mother of all Forensics…

Astrid · March 27, 2020, 1:54pm

Mind blowing, indeed it’s a mother of all forensics, I’m speechless

fd2013 · July 9, 2020, 7:56pm

Works like Magic

Friendly Websites

Awesome Forensics Resources | Almost 300 Open-Source Forensics Tools | 600 Blog Posts About Forens

Forensics

Directory

Forensics

Recent Add

Volatility

Sleuthkit

Rekall

ENJOY & HAPPY LEARNING!

Tools

Recent Add

LinuxDistro

Resource Collection

Volatility

sleuthkit

Rekall

bulk_extractor

Anti-Forensic

macOS

iOS

Linux

ENJOY & HAPPY LEARNING!