Beast code in Giters

0xNisarg's starred repositories

mkdocs-material

Documentation that simply works

Language:HTMLMIT19303 128 2353

pics

File formats dissections and more...

Language:Assembly10397 362 14

LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Language:PythonNOASSERTION2671 136 122

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

Language:CGPL-2.01669 81 90

hindsight

Web browser forensics for Google Chrome/Chromium

Language:PythonApache-2.01040 67 85

Kuiper

Digital Forensics Investigation Platform

Language:JavaScript740 34 71

kaitai_struct_formats

Kaitai Struct: library of binary file formats (.ksy)

Language:Kaitai Struct696 38 232

ssdeep

Fuzzy hashing API and fuzzy hashing tool

Language:CGPL-2.0646 30 31

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

MIT625 60 194

CyLR

CyLR - Live Response Collection Tool

Language:C#GPL-3.0613 32 74

mboxviewer

A small but powerfull app for viewing MBOX files

Language:C++NOASSERTION396 21 61

regf

Windows registry file format specification

313 26 2

kaitai_struct_visualizer

Kaitai Struct: visualizer and hex viewer tool

Language:RubyGPL-3.0278 21 40

HollowFind

Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.

Language:Python127 12 5

libregf

Library and tools to access the Windows NT Registry File (REGF) format

Language:CLGPL-3.0101 16 11

sidr

Search Index Database Reporter

Language:RustNOASSERTION77 3 5

prefetch-hash-cracker

A small util to brute-force prefetch hashes

Language:RustMIT70 50

EventTranscriptParser

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Language:PythonMIT68 50

WinEDB

Windows.EDB Browser

Language:PowerShellMIT50 40

ArtifactParsers

A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts

MIT49 2 3

DeepSound-2.0

DeepSound is a steganography tool and audio converter that hides secret data into audio files.

NOASSERTION4700

Prefetch-Browser

Browse Windows Prefetch versions: 17,23,26,30v1/2 & some of SuperFetch .7db/.db's

Language:PowerShellMIT40 3 1

Psinfo

Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any process anamoly without having to run multiple plugins.

Language:Python34 7 2

nisargsuthar