Sunday, June 11, 2017

DIGITAL FORENSICS: Collections of Computer Forensics Tools

DIGITAL FORENSICS: Collections of Computer Forensics Tools

Tools

Distributions

Frameworks

  • dff – Forensic framework
  • IntelMQ – IntelMQ collects and processes security feeds
  • Laika BOSS – Laika is an object scanner and intrusion detection system
  • PowerForensics – PowerForensics is a framework for live disk forensic analysis
  • The Sleuth Kit – Tools for low level forensic analysis
  • turbinia – Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms

Live forensics

  • grr – GRR Rapid Response: remote live forensics for incident response
  • Linux Expl0rer – Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
  • mig – Distributed & real time digital forensics at the speed of the cloud
  • osquery – SQL powered operating system analytics

Imaging

  • dc3dd – Improved version of dd
  • dcfldd – Different improved version of dd (this version has some bugs!, another version is on github adulau/dcfldd)
  • FTK Imager – Free imageing tool for windows
  • Guymager – Open source version for disk imageing on linux systems

Carving

more at Malware Analysis List
  • bstrings – Improved strings utility
  • bulk_extractor – Extracts informations like email adresses, creditscard numbers and histrograms of disk images
  • floss – Static analysis tool to automatically deobfuscate strings from malware binaries
  • photorec – File carving tool

Memory Forensics

more at Malware Analysis List
  • inVtero.net – High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.
  • KeeFarce – Extract KeePass passwords from memory
  • Rekall – Memory Forensic Framework
  • volatility – The memory forensic framework
  • VolUtility – Web App for Volatility framework
  • BlackLight – Windows/MacOS Computer Forensics tools client supporting hiberfil, pagefile, raw memory analysis.
  • DAMM – Differential Analysis of Malware in Memory, built on Volatility.
  • evolve – Web interface for the Volatility Memory Forensics Framework.
  • FindAES – Find AES encryption keys in memory.
  • inVtero.net – High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support.
  • Muninn – A script to automate portions of analysis using Volatility, and create a readable report.
  • Rekall – Memory analysis framework, forked from Volatility in 2013.
  • TotalRecall – Script based on Volatility for automating various malware analysis tasks.
  • VolDiff – Run Volatility on memory images before and after malware execution, and report changes.
  • Volatility – Advanced memory forensics framework.
  • VolUtility – Web Interface for Volatility Memory Analysis framework.
  • WDBGARK – WinDBG Anti-RootKit Extension.
  • WinDbg – Live memory inspection and kernel debugging for Windows systems.

Network Forensics

  • SiLK Tools – SiLK is a suite of network traffic collection and Computer Forensics tools analysis tools
  • Wireshark – The network traffic analysis tool
  • NetLytics – Analytics platform to process network data on Spark.

Windows Artifacts

OS X Forensics

Internet Artifacts

  • chrome-url-dumper – Dump all local stored infromation collected by Chrome
  • hindsight – Internet history forensics for Google Chrome/Chromium

Timeline Analysis

  • DFTimewolf – Framework for orchestrating Computer Forensics tools collection, processing and data export using GRR and Rekall
  • plaso – Extract timestamps from various files and aggregate them
  • timesketch – Collaborative forensic timeline analysis

Disk image handling

  • aff4 – AFF4 is an alternative, fast file format
  • imagemounter – Command line utility and Python package to ease the (un)mounting of forensic disk images
  • libewf – Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
  • xmount – Convert between different disk image formats

Decryption

Learn forensics

CTFs

Resources

Books

more at Recommended Readings by Andrew Case

File System Corpora

Twitter

Blogs

Other

 

 BALAJI is a Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief, Author & Co-Creator of GBHackers On Security 
http://www.gbhackers.com

 สุดยอดทูลในการใช้งาน Cyber Forensic

 

หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น

* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย  รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ

#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud

No comments:

Post a Comment

Digital Forensics:CDIC2024

Digital Forensics:CDIC2024    งานสัมมนาประจำปีด้านความมั่นคงปลอดภัยไซเบอร์  27-28 พฤศจิกายน 2567 ณ Grand Hall ไบเทค บางนา วันนี้แอดแวะมางาน ...