DIGITAL FORENSICS: Collections of Computer Forensics Tools
- DFIR – The definitive compendium project – Collection of forensic resources for learning and research. Offers lists of certifications, books, blogs, challenges and more
- dfir.training – Database of forensic resources focused on events, tools and more
- ForensicArtifacts.com Artifact Repository – Machine-readable knowledge base of forensic artifacts
Tools
- Forensics tools on Wikipedia
- Free computer forensic tools – Comprehensive list of free computer forensic tools
Distributions
- bitscout – LiveCD/LiveUSB for remote forensic acquisition and analysis
- deft – Linux distribution for forensic analysis
- SANS Investigative Forensics Toolkit (sift) – Linux distribution for forensic analysis
Frameworks
- dff – Forensic framework
- IntelMQ – IntelMQ collects and processes security feeds
- Laika BOSS – Laika is an object scanner and intrusion detection system
- PowerForensics – PowerForensics is a framework for live disk forensic analysis
- The Sleuth Kit – Tools for low-level forensic analysis
- turbinia – Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms
Live forensics
- grr – GRR Rapid Response: remote live forensics for incident response
- Linux Expl0rer – Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
- mig – Distributed & real-time digital forensics at the speed of the cloud
- osquery – SQL-powered operating system analytics
Imaging
- dc3dd – Improved version of dd
- dcfldd – Another improved version of dd (this version has some bugs; another version is on GitHub at adulau/dcfldd)
- FTK Imager – Free imaging tool for Windows
- Guymager – Open source disk imaging tool for Linux systems
Carving
more at Malware Analysis List
- bstrings – Improved strings utility
- bulk_extractor – Extracts information such as email addresses, credit card numbers and histograms from disk images
- floss – Static analysis tool to automatically deobfuscate strings from malware binaries
- photorec – File carving tool
Memory Forensics
more at Malware Analysis List
- inVtero.net – High speed memory analysis framework developed in .NET; supports all Windows x64, includes code integrity and write support.
- KeeFarce – Extract KeePass passwords from memory
- Rekall – Memory Forensic Framework
- volatility – The memory forensic framework
- VolUtility – Web App for Volatility framework
- BlackLight – Windows/MacOS forensics client supporting hiberfil, pagefile and raw memory analysis.
- DAMM – Differential Analysis of Malware in Memory, built on Volatility.
- evolve – Web interface for the Volatility Memory Forensics Framework.
- FindAES – Find AES encryption keys in memory.
- Muninn – A script to automate portions of analysis using Volatility, and create a readable report.
- Rekall – Memory analysis framework, forked from Volatility in 2013.
- TotalRecall – Script based on Volatility for automating various malware analysis tasks.
- VolDiff – Run Volatility on memory images before and after malware execution, and report changes.
- Volatility – Advanced memory forensics framework.
- VolUtility – Web Interface for Volatility Memory Analysis framework.
- WDBGARK – WinDBG Anti-RootKit Extension.
- WinDbg – Live memory inspection and kernel debugging for Windows systems.
Network Forensics
- SiLK Tools – SiLK is a suite of network traffic collection and analysis tools
- Wireshark – The network traffic analysis tool
- NetLytics – Analytics platform to process network data on Spark.
Windows Artifacts
- ArtifactExtractor – Extract common Windows artifacts from source images and VSCs
- FastIR Collector – Collect artifacts on Windows
- FRED – Cross-platform Microsoft registry hive editor
- LogonTracer – Investigate malicious Windows logon by visualizing and analyzing Windows event log
- MFT-Parsers – Comparison of MFT-Parsers
- MFTExtractor – MFT-Parser
- NTFS journal parser
- NTFS USN Journal parser
- RecuperaBit – Reconstruct and recover NTFS data
- python-ntfs – NTFS analysis
- analyzeMFT – analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem
OS X Forensics
Internet Artifacts
- chrome-url-dumper – Dump all locally stored information collected by Chrome
- hindsight – Internet history forensics for Google Chrome/Chromium
Timeline Analysis
- DFTimewolf – Framework for orchestrating forensic collection, processing and data export using GRR and Rekall
- plaso – Extract timestamps from various files and aggregate them
- timesketch – Collaborative forensic timeline analysis
Disk image handling
- aff4 – AFF4 is an alternative, fast file format
- imagemounter – Command line utility and Python package to ease the (un)mounting of forensic disk images
- libewf – Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
- xmount – Convert between different disk image formats
Decryption
- hashcat – Fast password cracker with GPU support
- John the Ripper – Password cracker
- Passware Kit Forensic – The world leader in encrypted electronic evidence discovery and decryption
Learn forensics
- Forensic challenges – Mindmap of forensic challenges
- Training material – Online training material by European Union Agency for Network and Information Security for different topics (e.g. Digital forensics, Network forensics)
CTFs
Resources
Books
more at Recommended Readings by Andrew Case
- Network Forensics: Tracking Hackers through Cyberspace – Learn to recognize hackers’ tracks and uncover network-based evidence
- The Art of Memory Forensics – Detecting Malware and Threats in Windows, Linux, and Mac Memory
- The Practice of Network Security Monitoring – Understanding Incident Detection and Response
File System Corpora
- Digital Forensic Challenge Images – Two DFIR challenges with images
- Digital Forensics Tool Testing Images
- FAU Open Research Challenge Digital Forensics
- The CFReDS Project
- @4n6ist
- @4n6k
- @aheadless
- @AppleExaminer – Apple OS X & iOS Digital Forensics
- @blackbagtech
- @carrier4n6 – Brian Carrier, author of Autopsy and the Sleuth Kit
- @CindyMurph – Detective & Digital Forensic Examiner
- @forensikblog – Computer forensic geek
- @HECFBlog – SANS Certified Instructor
- @Hexacorn – DFIR+Malware
- @hiddenillusion
- @iamevltwin – Mac Nerd, Forensic Analyst, Author & Instructor of SANS FOR518
- @jaredcatkinson – PowerShell Forensics
- @maridegrazia – Computer Forensics Examiner
- @sleuthkit
- @williballenthin
- @XWaysGuide
Blogs
- thisweekin4n6.wordpress.com – Weekly updates for forensics
Other
- /r/computerforensics/ – Subreddit for computer forensics
- ForensicPosters – Posters of file system structures
BALAJI is a Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief, Author & Co-Creator of GBHackers On Security
http://www.gbhackers.com
Top tools for cyber forensic work
Note: the content on this website is provided for informational and educational purposes only.
* If any of the information contains errors, we apologize. Please notify the Admin so it can be corrected.
Thank you.
#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud