跳转到主要内容

标签(标签)

资源精选(342) Go开发(108) Go语言(103) Go(99) angular(82) LLM(78) 大语言模型(63) 人工智能(53) 前端开发(50) LangChain(43) golang(43) 机器学习(39) Go工程师(38) Go程序员(38) Go开发者(36) React(33) Go基础(29) Python(24) Vue(22) Web开发(20) Web技术(19) 精选资源(19) 深度学习(19) Java(18) ChatGTP(17) Cookie(16) android(16) 前端框架(13) JavaScript(13) Next.js(12) 安卓(11) 聊天机器人(10) typescript(10) 资料精选(10) NLP(10) 第三方Cookie(9) Redwoodjs(9) ChatGPT(9) LLMOps(9) Go语言中级开发(9) 自然语言处理(9) PostgreSQL(9) 区块链(9) mlops(9) 安全(9) 全栈开发(8) OpenAI(8) Linux(8) AI(8) GraphQL(8) iOS(8) 软件架构(7) RAG(7) Go语言高级开发(7) AWS(7) C++(7) 数据科学(7) whisper(6) Prisma(6) 隐私保护(6) JSON(6) DevOps(6) 数据可视化(6) wasm(6) 计算机视觉(6) 算法(6) Rust(6) 微服务(6) 隐私沙盒(5) FedCM(5) 智能体(5) 语音识别(5) Angular开发(5) 快速应用开发(5) 提示工程(5) Agent(5) LLaMA(5) 低代码开发(5) Go测试(5) gorm(5) REST API(5) kafka(5) 推荐系统(5) WebAssembly(5) GameDev(5) CMS(5) CSS(5) machine-learning(5) 机器人(5) 游戏开发(5) Blockchain(5) Web安全(5) Kotlin(5) 低代码平台(5) 机器学习资源(5) Go资源(5) Nodejs(5) PHP(5) Swift(5) devin(4) Blitz(4) javascript框架(4) Redwood(4) GDPR(4) 生成式人工智能(4) Angular16(4) Alpaca(4) 编程语言(4) SAML(4) JWT(4) JSON处理(4) Go并发(4) 移动开发(4) 移动应用(4) security(4) 隐私(4) spring-boot(4) 物联网(4) nextjs(4) 网络安全(4) API(4) Ruby(4) 信息安全(4) flutter(4) RAG架构(3) 专家智能体(3) Chrome(3) CHIPS(3) 3PC(3) SSE(3) 人工智能软件工程师(3) LLM Agent(3) Remix(3) Ubuntu(3) GPT4All(3) 软件开发(3) 问答系统(3) 开发工具(3) 最佳实践(3) RxJS(3) SSR(3) Node.js(3) Dolly(3) 移动应用开发(3) 低代码(3) IAM(3) Web框架(3) CORS(3) 基准测试(3) Go语言数据库开发(3) Oauth2(3) 并发(3) 主题(3) Theme(3) earth(3) nginx(3) 软件工程(3) azure(3) keycloak(3) 生产力工具(3) gpt3(3) 工作流(3) C(3) jupyter(3) 认证(3) prometheus(3) GAN(3) Spring(3) 逆向工程(3) 应用安全(3) Docker(3) Django(3) R(3) .NET(3) 大数据(3) Hacking(3) 渗透测试(3) C++资源(3) Mac(3) 微信小程序(3) Python资源(3) JHipster(3) 语言模型(2) 可穿戴设备(2) JDK(2) SQL(2) Apache(2) Hashicorp Vault(2) Spring Cloud Vault(2) Go语言Web开发(2) Go测试工程师(2) WebSocket(2) 容器化(2) AES(2) 加密(2) 输入验证(2) ORM(2) Fiber(2) Postgres(2) Gorilla Mux(2) Go数据库开发(2) 模块(2) 泛型(2) 指针(2) HTTP(2) PostgreSQL开发(2) Vault(2) K8s(2) Spring boot(2) R语言(2) 深度学习资源(2) 半监督学习(2) semi-supervised-learning(2) architecture(2) 普罗米修斯(2) 嵌入模型(2) productivity(2) 编码(2) Qt(2) 前端(2) Rust语言(2) NeRF(2) 神经辐射场(2) 元宇宙(2) CPP(2) 数据分析(2) spark(2) 流处理(2) Ionic(2) 人体姿势估计(2) human-pose-estimation(2) 视频处理(2) deep-learning(2) kotlin语言(2) kotlin开发(2) burp(2) Chatbot(2) npm(2) quantum(2) OCR(2) 游戏(2) game(2) 内容管理系统(2) MySQL(2) python-books(2) pentest(2) opengl(2) IDE(2) 漏洞赏金(2) Web(2) 知识图谱(2) PyTorch(2) 数据库(2) reverse-engineering(2) 数据工程(2) swift开发(2) rest(2) robotics(2) ios-animation(2) 知识蒸馏(2) 安卓开发(2) nestjs(2) solidity(2) 爬虫(2) 面试(2) 容器(2) C++精选(2) 人工智能资源(2) Machine Learning(2) 备忘单(2) 编程书籍(2) angular资源(2) 速查表(2) cheatsheets(2) SecOps(2) mlops资源(2) R资源(2) DDD(2) 架构设计模式(2) 量化(2) Hacking资源(2) 强化学习(2) flask(2) 设计(2) 性能(2) Sysadmin(2) 系统管理员(2) Java资源(2) 机器学习精选(2) android资源(2) android-UI(2) Mac资源(2) iOS资源(2) Vue资源(2) flutter资源(2) JavaScript精选(2) JavaScript资源(2) Rust开发(2) deeplearning(2) RAD(2)
SEO Title

Curated list of awesome free (mostly open source) forensic analysis tools and resources.


Collections

Tools

Distributions

Frameworks

Live Forensics

  • grr - GRR Rapid Response: remote live forensics for incident response
  • Linux Expl0rer - Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
  • mig - Distributed & real time digital forensics at the speed of the cloud
  • osquery - SQL powered operating system analytics
  • POFR - The Penguin OS Flight Recorder collects, stores and organizes for further analysis process execution, file access and network/socket endpoint data from the Linux Operating System.
  • UAC - UAC (Unix-like Artifacts Collector) is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

IOC Scanner

  • Fastfinder - Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashes, literal/wildcard strings, regular expressions and YARA rules
  • Fenrir - Simple Bash IOC Scanner
  • Loki - Simple IOC and Incident Response Scanner
  • Redline - Free endpoint security tool from FireEye
  • THOR Lite - Free IOC and YARA Scanner

Acquisition

  • artifactcollector - A customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
  • ArtifactExtractor - Extract common Windows artifacts from source images and VSCs
  • AVML - A portable volatile memory acquisition tool for Linux
  • Belkasoft RAM Capturer - Volatile Memory Acquisition Tool
  • CrowdResponse - A static host data collection tool by CrowdStrike
  • DFIR ORC - Forensics artefact collection tool for systems running Microsoft Windows
  • FastIR Collector - Collect artifacts on windows
  • FireEye Memoryze - A free memory forensic software
  • LiME - Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD
  • Magnet RAM Capture - A free imaging tool designed to capture the physical memory
  • unix_collector - A live forensic collection script for UNIX-like systems as a single script.
  • Velociraptor - Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries
  • WinTriage - Wintriage is a live response tool that extracts Windows artifacts. It must be executed with local or domain administrator privileges and recommended to be done from an external drive.

Imaging

  • dc3dd - Improved version of dd
  • dcfldd - Different improved version of dd (this version has some bugs!, another version is on github adulau/dcfldd)
  • FTK Imager - Free imageing tool for windows
  • ⭐ Guymager - Open source version for disk imageing on linux systems

Carving

  • bstrings - Improved strings utility
  • bulk_extractor - Extracts information such as email addresses, creditcard numbers and histrograms from disk images
  • floss - Static analysis tool to automatically deobfuscate strings from malware binaries
  • ⭐ photorec - File carving tool
  • swap_digger - A bash script used to automate Linux swap analysis, automating swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, etc.

Memory Forensics

  • inVtero.net - High speed memory analysis framework developed in .NET supports all Windows x64, includes code integrity and write support
  • KeeFarce - Extract KeePass passwords from memory
  • MemProcFS - An easy and convenient way of accessing physical memory as files a virtual file system.
  • Rekall - Memory Forensic Framework
  • volatility - The memory forensic framework
  • VolUtility - Web App for Volatility framework

Network Forensics

Windows Artifacts

  • Beagle - Transform data sources and logs into graphs
  • FRED - Cross-platform microsoft registry hive editor
  • LastActivityView - LastActivityView by Nirsoftis a tool for Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events occurred on this computer.
  • LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log
  • python-evt - Pure Python parser for classic Windows Event Log files (.evt)
  • RegRipper3.0 - RegRipper is an open source Perl tool for parsing the Registry and presenting it for analysis
  • RegRippy - A framework for reading and extracting useful forensics data from Windows registry hives

NTFS/MFT Processing

OS X Forensics

Mobile Forensics

  • Andriller - A software utility with a collection of forensic tools for smartphones
  • ALEAPP - An Android Logs Events and Protobuf Parser
  • ArtEx - Artifact Examiner for iOS Full File System extractions
  • iLEAPP - An iOS Logs, Events, And Plists Parser
  • iOS Frequent Locations Dumper - Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/
  • MEAT - Perform different kinds of acquisitions on iOS devices
  • MobSF - An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
  • OpenBackupExtractor - An app for extracting data from iPhone and iPad backups.

Docker Forensics

Internet Artifacts

  • ChromeCacheView - A small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache
  • chrome-url-dumper - Dump all local stored infromation collected by Chrome
  • hindsight - Internet history forensics for Google Chrome/Chromium
  • unfurl - Extract and visualize data from URLs

Timeline Analysis

  • DFTimewolf - Framework for orchestrating forensic collection, processing and data export using GRR and Rekall
  • ⭐ plaso - Extract timestamps from various files and aggregate them
  • Timeline Explorer - Timeline Analysis tool for CSV and Excel files. Built for SANS FOR508 students
  • timeliner - A rewrite of mactime, a bodyfile reader
  • timesketch - Collaborative forensic timeline analysis

Disk image handling

  • Disk Arbitrator - A Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device
  • imagemounter - Command line utility and Python package to ease the (un)mounting of forensic disk images
  • libewf - Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
  • PancakeViewer - Disk image viewer based in dfvfs, similar to the FTK Imager viewer
  • xmount - Convert between different disk image formats

Decryption

Management

  • dfirtrack - Digital Forensics and Incident Response Tracking application, track systems
  • Incidents - Web application for organizing non-trivial security investigations. Built on the idea that incidents are trees of tickets, where some tickets are leads

Picture Analysis

  • Ghiro - A fully automated tool designed to run forensics analysis over a massive amount of images
  • sherloq - An open-source digital photographic image forensic toolset

Metadata Forensics

  • ExifTool by Phil Harvey
  • FOCA - FOCA is a tool used mainly to find metadata and hidden information in the documents

Steganography

  • Sonicvisualizer
  • Steghide - is a steganography program that hides data in various kinds of image and audio files
  • Wavsteg - is a steganography program that hides data in various kinds of image and audio files
  • Zsteg - A steganographic coder for WAV files

Learn Forensics

CTFs and Challenges

Resources

Web

Blogs

Books

more at Recommended Readings by Andrew Case

File System Corpora

Twitter

Vendors:

Other

Labs

  • BlueTeam.Lab - Blue Team detection lab created with Terraform and Ansible in Azure.

Related Awesome Lists

原文:https://github.com/cugu/awesome-forensics