alphaSeclab / awesome-forensics

Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

所有收集类项目:

Forensics

目录

文章


新添加


Volatility


Sleuthkit


Rekall

工具


新添加

  • [5208星][7m] [Py] usarmyresearchlab/dshell 可扩展的网络取证分析框架。支持快速开发插件,以支持剖析网络数据包捕获。
  • [3337星][11d] [Py] google/grr remote live forensics for incident response
  • [1912星][13d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
  • [1227星][12d] [Py] google/timesketch Collaborative forensic timeline analysis
  • [1155星][4m] [Go] mozilla/mig 分布式实时数字取证和研究平台
  • [1024星][13d] [Py] ondyari/faceforensics Github of the FaceForensics dataset
  • [1017星][12d] [Rich Text Format] decalage2/oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  • [949星][2y] [C#] invoke-ir/powerforensics PowerForensics provides an all in one platform for live disk forensic analysis
  • [883星][2m] [C] cisco/joy 捕获和分析网络流数据和intraflow数据,用于网络研究、取证和安全监视
  • [832星][27d] [Py] yampelo/beagle an incident response and digital forensics tool which transforms security logs and data into graphs.
  • [791星][4m] [Py] srinivas11789/pcapxray 网络取证工具:离线将捕获数据包可视化为网络图,包括设备标识,突出显示重要的通信和文件提取
  • [762星][2m] [Py] snovvcrash/usbrip Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux
  • [544星][1m] [Go] biggiesmallsag/nighthawkresponse Incident Response Forensic Framework
  • [485星][26d] [Py] netflix-skunkworks/diffy a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
  • [429星][3m] [Py] obsidianforensics/hindsight Internet history forensics for Google Chrome/Chromium
  • [419星][20d] [Py] forensicartifacts/artifacts Digital Forensics Artifact Repository
  • [395星][2y] [PS] cryps1s/darksurgeon a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
  • [392星][11m] [Go] mozilla/masche MIG Memory Forensic library
  • [381星][5y] [JS] le4f/pcap-analyzer 在线轻量Pcap流量文件分析工具
  • [349星][3m] [Shell] orlikoski/skadi collection, processing and advanced analysis of forensic artifacts and images.
  • [324星][11m] [Py] alessandroz/lazagneforensic Windows passwords decryption from dump files
  • [320星][2y] [C] fireeye/rvmi steroids 调试器,利用 VMI(Virtual Machine Introspection) 和内存取证来提供全面的系统分析
  • [316星][12d] [Py] google/turbinia Automation and Scaling of Digital Forensics Tools
  • [303星][2m] [Shell] vitaly-kamluk/bitscout 远程数据取证工具
  • [295星][3y] invoke-ir/forensicposters 多种数据结构图解:MBR/GPT/...
  • [274星][13d] [Perl] owasp/o-saft OWASP SSL advanced forensic tool
  • [268星][3y] [Py] ghirensics/ghiro Automated image forensics tool
  • [263星][7m] [Batchfile] diogo-fernan/ir-rescue A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  • [260星][1m] [Py] google/docker-explorer A tool to help forensicate offline docker acquisitions
  • [252星][1y] [C++] comaeio/swishdbgext Incident Response & Digital Forensics Debugging Extension
  • [247星][1m] [Py] orlikoski/cdqr a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
  • [245星][1y] [Py] crowdstrike/forensics Scripts and code referenced in CrowdStrike blog posts
  • [233星][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • [225星][3m] [Py] crowdstrike/automactc Automated Mac Forensic Triage Collector
  • [224星][4y] [Java] nowsecure/android-forensics Open source Android Forensics app and framework
  • [213星][2y] [C#] shanek2/invtero.net A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
  • [202星][11m] [Py] medbenali/cyberscan Network's Forensics ToolKit
  • [191星][2m] [Py] lazza/recuperabit A tool for forensic file system reconstruction.
  • [177星][11d] [Py] markbaggett/srum-dump A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  • [176星][4y] [Py] csababarta/ntdsxtract Active Directory forensic framework
  • [168星][2y] [Py] monrocoury/forensic-tools A collection of tools for forensic analysis
  • [162星][6m] [Py] cvandeplas/elk-forensics ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)
  • [162星][2m] [C++] gregwar/fatcat FAT filesystems explore, extract, repair, and forensic tool
  • [158星][2m] [Py] travisfoley/dfirtriage Digital forensic acquisition tool for Windows based incident response.
  • [154星][9m] [Py] vikwin/pcapfex 'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files
  • [150星][4m] [Py] stuhli/dfirtrack 数字取证, 与事件响应追踪. 基于Django
  • [149星][4y] [Py] arxsys/dff a Forensics Framework coming with command line and graphical interfaces
  • [146星][2y] [Py] davidpany/wmi_forensics scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files
  • [141星][2m] [C++] dfir-orc/dfir-orc Forensics artefact collection tool for systems running Microsoft Windows
  • [139星][2y] [Py] jrbancel/chromagnon Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
  • [131星][2m] [Py] benjeems/packetstrider A network packet forensics tool for SSH
  • [131星][2m] [Py] log2timeline/dfvfs Digital Forensics Virtual File System (dfVFS)
  • [123星][3y] [PS] silverhack/voyeur generate a fast (and pretty) Active Directory report.
  • [122星][3m] [Py] redaelli/imago-forensics a python tool that extract digital evidences from images.
  • [119星][2y] [PS] javelinnetworks/ir-tools forensics of domain based attacks on an infected host
  • [118星][13d] [Py] domainaware/parsedmarc 解析DMARC报告的Python脚本, 含cli
  • [115星][1y] [Shell] theflakes/ultimate-forensics-vm Evolving directions on building the best Open Source Forensics VM
  • [113星][1y] [C#] damonmohammadbagher/meterpreter_payload_detection Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
  • [112星][8m] [PHP] xplico/xplico Open Source Network Forensic Analysis Tool (NFAT)
  • [108星][5y] [Py] mspreitz/adel dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow
  • [108星][3y] projectretroscope/retroscope Public release of the RetroScope Android memory forensics framework
  • [99星][2y] [Py] trendmicro/defplorex 一种用于大规模电子犯罪取证的机器学习工具包
  • [98星][6y] [Py] matonis/page_brute a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by appying YARA-based signatures to fix-sized blocks of pagefile.sys
  • [97星][5m] [Py] woanware/usbdeviceforensics Python script for extracting USB information from Windows registry hives
  • [96星][1m] [Py] airbus-cert/regrippy a framework for reading and extracting useful forensics data from Windows registry hives
  • [96星][2y] [JS] anttikurittu/kirjuri a web application for managing cases and physical forensic evidence items.
  • [93星][20d] [Py] log2timeline/dftimewolf A framework for orchestrating forensic collection, processing and data export
  • [88星][6m] [Go] coinbase/dexter Forensics acquisition framework designed to be extensible and secure
  • [87星][2y] [C++] google/aff4 The Advanced Forensic File Format
  • [86星][2y] [Py] cheeky4n6monkey/4n6-scripts Forensic Scripts
  • [85星][6m] [Py] quantika14/guasap-whatsapp-foresincs-tool WhatsApp Forensic Tool
  • [79星][3m] [Py] google/giftstick 1-Click push forensics evidence to the cloud
  • [78星][3y] [C++] jeffbryner/nbdserver Network Block Device Server for windows with a DFIR/forensic focus.
  • [78星][2y] [Py] trolldbois/python-haystack Process heap analysis framework - Windows/Linux - record type inference and forensics
  • [74星][2y] [Py] busindre/dumpzilla Extract all forensic interesting information of Firefox, Iceweasel and Seamonkey browsers
  • [73星][2y] [C++] kasperskylab/forensicstools Tools for DFIR
  • [64星][2y] [Py] darkquasar/wmi_persistence Python脚本,直接解析 OBJECTS.DATA 文件(无需访问用户WMI 名称空间)查找 WMI persistence
  • [64星][1y] [Py] ralphje/imagemounter Command line utility and Python package to ease the (un)mounting of forensic disk images
  • [63星][3m] [C] carmaa/interrogate a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
  • [63星][2y] [Shell] yukinoshita47/pentest-tools-auto-installer Tool sederhana buat install tool-tool pentest dan forensic bagi pengguna linux yang jenis nya non-pentest OS
  • [61星][4y] [Py] sysinsider/usbtracker Quick & dirty coded incident response and forensics python script to track USB devices events and artifacts in a Windows OS (Vista and later).
  • [53星][5y] [Py] osandamalith/chromefreak A Cross-Platform Forensic Framework for Google Chrome
  • [50星][10d] [PS] s3cur3th1ssh1t/creds Some usefull Scripts and Executables for Pentest & Forensics
  • [46星][3y] [PS] n3l5/irfartpull PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.
  • [46星][1y] [Py] sentenza/gimp-ela A JPEG Error Level Analysis forensic plugin for the GNU Image Manipulation Program (GIMP)
  • [46星][8m] [YARA] xumeiquer/yara-forensics Set of Yara rules for finding files using magics headers
  • [43星][4m] [TSQL] abrignoni/dfir-sql-query-repo Collection of SQL query templates for digital forensics use by platform and application.
  • [43星][2y] [C#] zacbrown/hiddentreasure-etw-demo 在内存取证中,使用 ETW(Windows事件追踪) 挖掘宝藏的新方式
  • [42星][11d] [Py] simsong/dfxml Digital Forensics XML project and library
  • [40星][2y] [HTML] scorelab/androphsy An Open Source Mobile Forensics Investigation Tool for Android Platform
  • [39星][4y] [AutoIt] ajmartel/irtriage Incident Response Triage - Windows Evidence Collection for Forensic Analysis
  • [38星][2y] [C] adulau/dcfldd enhanced version of dd for forensics and security
  • [38星][2y] [Py] ytisf/muninn A short and small memory forensics helper.
  • [37星][10m] [Py] att/docker-forensics Tools to assist in forensicating docker
  • [36星][5y] [Py] eurecom-s3/actaeon Memory forensics of virtualization environments
  • [35星][8m] [Py] am0nt31r0/osint-search Useful for digital forensics investigations or initial black-box pentest footprinting.
  • [33星][2y] [C] weaknetlabs/byteforce Offline Digital Forensics Tool for Binary Files
  • [32星][1y] [Py] andreafortuna/autotimeliner 自动从volatile内存转储中提取取证时间线
  • [31星][7y] [Perl] appliedsec/forensicscanner Forensic Scanner
  • [31星][2y] [Py] bltsec/violent-python3 Python 3 scripts based on lessons learned from Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor.
  • [31星][5y] [Py] madpowah/forensicpcap pcap取证
  • [28星][6y] [Py] c0d3sh3lf/android_forensics Bypassing Android Pattern Lock
  • [27星][3y] [Java] animeshshaw/chromeforensics A tool to perform automated forensic analysis of Chrome Browser.
  • [26星][4y] [Py] cyberhatcoil/acf Android Connections Forensics
  • [24星][7y] [Ruby] chrislee35/flowtag FlowTag visualizes pcap files for forensic analysis
  • [24星][3y] [Py] forensicmatt/pancakeviewer A DFVFS Backed Forensic Viewer
  • [23星][3m] [Pascal] nannib/imm2virtual This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD (raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
  • [22星][2y] [C] lorecioni/imagesplicingdetection Illuminant inconsistencies for image splicing detection in forensics
  • [22星][1y] [C] paul-tew/lifer Windows link file forensic examiner
  • [22星][3m] [Py] circl/forensic-tools CIRCL system forensic tools or a jumble of tools to support forensic
  • [21星][2y] [Py] harris21/afot Automation Forensics Tool for Windows
  • [20星][5y] [JS] jonstewart/sifter Indexed search and clustering tool for digital forensics
  • [19星][3y] [Py] lukdog/backtolife Memory forensic tool for process resurrection starting from a memory dump
  • [18星][3y] [C++] nshadov/screensaver-mouse-jiggler Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)
  • [18星][20d] [Py] sekoialab/fastir_artifacts Live forensic artifacts collector
  • [17星][Java] marten4n6/email4n6 A simple cross-platform forensic application for processing email files.
  • [16星][9m] [Smarty] forensenellanebbia/xways-forensics Personal settings for X-Ways Forensics
  • [15星][2m] [Dockerfile] bitsofinfo/comms-analyzer-toolbox Tool for forensic analysis, search and graphing of communications content such as email MBOX files and CSV text message data using Elasticsearch and Kibana
  • [13星][10m] [Shell] matthewclarkmay/ftriage Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  • [13星][1y] theresafewconors/file-system-forensics Repo for Reports on forensic analysis of various File Systems (NoWare to Hide)
  • [11星][3y] [Py] nipunjaswal/wireless-forensics-framework Wireless Forensics Framework In Python
  • [11星][1y] [C++] shujianyang/btrforensics Forensic Analysis Tool for Btrfs File System.
  • [10星][2y] [PS] b2dfir/b2response Logged PS Remote Command Wrapper for Blue Team Forensics/IR
  • [10星][3y] [Py] sekoialab/fastir_server The FastIR Server is a Web server to schedule FastIR Collector forensics collect thanks to the FastIR Agent
  • [9星][10m] [Perl] randomaccess3/4n6_stuff Git for me to put all my forensics stuff
  • [9星][8y] [Perl] superponible/search-strings-extension srch_strings is a useful tool in digital forensics. Using the "-t d" option will give a byte location for the string. This repository contains two scripts that automatically map the byte location to the filesystem block containing the string.
  • [9星][1y] [Py] svelizdonoso/logfishh Logs Forensic Investigator SSH
  • [9星][7y] [JS] thinkski/vinetto Forensic tool for examining Thumbs.db files
  • [8星][7y] [Py] agnivesh/aft [Deprecated] Android Forensic Toolkit
  • [8星][2y] asiamina/a-course-on-digital-forensics A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
  • [8星][2m] [PS] tvfischer/ps-srum-hunting PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
  • [7星][4m] [PS] 1cysw0rdk0/whodunnit A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
  • [7星][3y] dfax/dfax (DEPRECATED) Digital Forensic Analysis eXpression
  • [7星][1y] [Py] dlcowen/testkitchen Scripts from The Forensic Lunch Test Kitchen segments
  • [7星][3y] [Py] maurermj08/vftools An open source forensic toolkit built on dfVFS
  • [7星][2y] [Rust] rustensic/prefetchkit A powerful forensic commandline tool for analyzing Microsoft Prefetch files.
  • [7星][2y] socprime/muddywater-apt an APT group that has been active throughout 2017
  • [6星][4y] [C#] alphadelta/clearbytes Data forensic tool
  • [6星][6m] [Shell] hestat/calamity A script to assist in processing forensic RAM captures for malware triage
  • [5星][1y] [Shell] kpcyrd/booty Minimal forensic/exfiltration/evil-maid/rescue live boot system
  • [5星][8m] zmbf0r3ns1cs/bf-elk Burnham Forensics ELK Deployment Files
  • [5星][9m] [Py] obsidianforensics/scripts Small scripts and POCs related to digital forensics
  • [4星][5m] [Py] bradley-evans/cfltools A logfile analysis tool for cyberforensics investigators.
  • [4星][3y] jaredthecoder/codestock2017-stuxnet-forensic-analysis Slides and demo script for my talk at Codestock 2017
  • [4星][3y] [Py] rotenkatz/ecos_romfs_unpacker It is a simple ecos ROMFS unpacker for forensics and firmware analysis needs
  • [3星][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
  • [3星][1y] [Py] inp2/sherlock a digital forensic analysis toolkit that relies on graph theory, link analysis, and probabilistic graphical models in order to aid the examiner in digital forensic investigations.
  • [2星][2y] [Py] edisonljh/hadoop_ftk Hadoop File System Forensics Toolkit
  • [2星][C] enrico204/unhide A fork of original "unhide" forensics tool from SourceForge CVS
  • [2星][4m] [Py] docker-forensics-toolkit/toolkit A toolkit for the post-mortem examination of Docker containers from forensic HDD copies
  • [2星][1m] [Py] thebeanogamer/hstsparser A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
  • [1星][3m] [Go] cdstelly/nugget A Domain Specific Language for Digital Forensics
  • [1星][3y] [C++] colinmckaycampbell/rapidfilehash Fast and powerful SHA256 hashing for malware detection and digital forensics.
  • [1星][6m] [Py] pagabuc/atomicity_tops Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
  • [1星][2y] [Py] trolldbois/python-haystack-reverse Memory forensics data structure reversing
  • [0星][4y] bedazzlinghex/disk-analysis Contains tools to perform malware and forensic analysis on disk
  • [0星][3y] [C] irq8/trackercat A GPS Forensics Utility to Parse GPX Files

LinuxDistro

  • [127星][11m] [Shell] wmal/kodachi Linux Kodachi operating system, based on Xubuntu 18.04, provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure.
  • [104星][6y] santoku/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
  • [13星][4y] nelenkov/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics

资源收集


Volatility


Sleuthkit

  • [1482星][11d] [C] sleuthkit/sleuthkit a library and collection of command line digital forensics tools that allow you to investigate volume and file system data.
  • [840星][9d] [Java] sleuthkit/autopsy a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
  • [26星][2m] blackbagtech/sleuthkit-apfs A fork of The Sleuthkit with Pooled Storage and APFS support. See
  • [6星][3y] [Pascal] nannib/nbtempow a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.
  • [1星][3m] [Shell] nannib/nbtempo a GUI (Graphical User Interface) Bash script for making files timelines and reporting them in CSV (electronic sheet) format.

Rekall


bulk_extractor


反取证

  • [2736星][3y] [Py] hephaest0s/usbkill 反取证开关. 监控USB端口变化, 有变化时立即关闭计算机
  • [339星][2y] [C] natebrune/silk-guardian an anti-forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
  • [78星][2y] [C] elfmaster/saruman ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
  • [67星][3y] [Shell] trpt/usbdeath anti-forensic tool that writes udev rules for known usb devices and do some things at unknown usb insertion or specific usb device removal
  • [35星][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilties.
  • [20星][3y] [Py] ncatlin/lockwatcher Anti-forensic monitor program: watches for signs of tampering and purges keys/shuts everything down.
  • [15星][1y] [C#] thereisnotime/xxusbsentinel Windows anti-forensics USB monitoring tool.
  • [12星][5y] [C#] maldevel/clearlogs Clear All Windows System Logs - AntiForensics
  • [11星][3y] [Shell] phosphore/burn [WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles

macOS


iOS


Linux

贡献

内容为系统自动导出, 有任何问题请提issue

About

Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.