forensics

There are 136 repositories under forensics topic.

• ImHex

  WerWolv / ImHex

  🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

  analyzerbinary-analysisc-plus-pluscybersecuritydark-modedear-imguidisassemblerforensicshackinghacktoberfesthex-editoripsmathematical-evaluatormulti-platformpattern-languagepreprocessorreverse-engineeringstatic-analysiswindows
  Language:C++ 32877

• radareorg / radare2

  UNIX-like reverse engineering framework and command-line toolset

  binary-analysisccommandlinedisassemblerforensicshacktoberfestmalware-analysisradare2reverse-engineeringsecurity
  Language:C 19612
• kubeshark

  kubeshark / kubeshark

  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

  amqpcloud-nativedevopsdevops-toolsdockerforensicsgogolanggrpcincident-responsekafkakubernetesmicroservicemicroservicesmicroservices-applicationobservabilityredisrestsnifferwireshark
  Language:Go 10543

• mvt-project / mvt

  MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

  androidforensicsforensics-toolsiosmobilesecurity
  Language:Python 9788
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  awsazurecis-benchmarkcloudcompliancedevsecopsforensicsgcpgdprhardeningiammulti-cloudpythonsecuritysecurity-auditsecurity-hardeningsecurity-toolswell-architected
  Language:Python 9533

• rmusser01 / Infosec_Reference

  An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

  infosecinfosec-referencereverse-engineeringhackingpentestingpenetration-testingreferenceslinuxprivilege-escalationinformation-securityblueteamred-teamwindowsosxforensicshacking-simulatorprivilege-escalation-exploitshacktoberfesthacktoberfest2021
  Language:CSS 5358

• Hack-with-Github / Free-Security-eBooks

  Free Security and Hacking eBooks

  securityhackingpenetration-testinghacking-ebooksforensicshackers-handbookcloud-securitykali-linuxcyber-securityebooks
  4139

• toolswatch / blackhat-arsenal-tools

  Official Black Hat Arsenal Security Tools Repository

  arsenalblackhatforensicshackinghacking-toolics-scadasecurity-scannersecurity-toolswebapp
  3720

• jekil / awesome-hacking

  Awesome hacking is an awesome collection of hacking tools.

  hackinghacking-toolscurated-listpenetration-testingforensicsmalwaresecuritysecurity-tools
  Language:Python 2823

• decalage2 / oletools

  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  pythonpython-libraryolefilemalware-analysisms-office-documentscompoundrtfforensicsole-filessecurityparserpyparsingvbamacros
  Language:Python 2744

• WithSecureLabs / chainsaw

  Rapidly Search and Hunt through Windows Forensic Artefacts

  attackrustsecuritythreat-huntingblueteamchainsawdetectiondfirforensicslogssigmawindowscountercept
  Language:Rust 2542
• timesketch

  google / timesketch

  Collaborative forensic timeline analysis

  forensicsdfirsecuritytimelineanalysis
  Language:Python 2488

• sleuthkit / sleuthkit

  The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

  sleuthkittctntfsforensicsincident-response
  Language:C 2472

• sleuthkit / autopsy

  Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

  forensicsjava
  Language:Java 2236

• volatilityfoundation / volatility3

  Volatility 3.0 development

  digital-investigationforensicsincident-responsemalwarememorypythonramvolatilityvolatility-framework
  Language:Python 2206

• dreddsa5dies / goHackTools

  Hacker tools on Go (Golang)

  gogolanghacktoolsbruteforcescannerforensicsbeginnersecurityhackerspentesters
  Language:Go 2081

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  dfirthreathuntingwindowseventlogsrustsigmadetectionattackforensicsincidentresponsehayabusayamatosecuritycybersecurityincident-responsesecurity-automationthreat-hunting
  Language:Rust 1927

• Srinivas11789 / PcapXray

  :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  forensicspcapnetworkpythoncomputer-forensicstor-trafficforensic-analysiscybersecuritynetwork-diagramtortrafficpacketssecurity
  Language:Python 1643

• simsong / tcpflow

  TCP/IP packet demultiplexer. Download from:

  digital-forensicsforensicstcp-protocoltcpip
  Language:C++ 1642

• log2timeline / plaso

  Super timeline all the things

  forensicsparsingtimeline
  Language:Python 1618
• MemLabs

  stuxnet999 / MemLabs

  Educational, CTF-styled labs for individuals interested in Memory Forensics

  forensicsdfirmemory-forensicswindowsctfctf-challengesdigital-forensicssecuritycybersecurity
  Language:Shell 1549

• danieldurnea / FBI-tools

  🕵️ OSINT Tools for gathering information and actions forensics 🕵️

  forensicsosintcybersecurityhackingsecurity-automationsecurity-toolsinfosecawesome-listincident-responsepenetration-testingreconnaissancesecurityawesomepentestingbug-bounty
  1492

• frankwxu / digital-forensics-lab

  Free hands-on digital forensics labs for students and faculty

  cybersecuritydigitaleducationforensicsfreecybercybercrimecybersecurity-educationinvestigationhands-on
  Language:Roff 1377
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 1337
• andriller

  den4uk / andriller

  📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

  forensicspythonandroid
  Language:Python 1252
• RecoverPy

  PabloLec / RecoverPy

  Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal

  python3tuidatarecoverycybersecuritypythoncliconsoleterminallinuxsearch-interfacemacospentestingsearchfilestoolhackingtextualforensicsdata-recovery
  Language:Python 1169
• usbrip

  snovvcrash / usbrip

  Tracking history of USB events on GNU/Linux

  securityforensicsusb-eventsusb-historyusb-devices
  Language:Python 1147

• cecio / USBvalve

  Expose USB activity on the fly

  badusbforensicsmalwareusbusb-hid
  Language:C 1055
• hindsight

  obsidianforensics / hindsight

  Web browser forensics for Google Chrome/Chromium

  google-chromehindsightchromeforensicsdfir
  Language:Python 1015
• hackdroid

  thehackingsage / hackdroid

  Security Apps for Android

  androidapkappscryptographydosforensicshacking-toolhid-attacksmitmnetworkingpenetration-testingpentestingprivacysecuritysniffingterminalwireless
  878
• ForensicsTools

  mesquidar / ForensicsTools

  A list of free and open forensics analysis tools and other resources

  forensicsdigital-forensicscomputer-foreforensic-analysisforensics-investigationsforensic-toolstoolsfreeopen-sourceawesome-listmetadametadataimage-analysistimelinenetworkwindowsmacoslinux
  877

• ion-storm / sysmon-config

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

  sysmonthreatintelthreat-huntingnetsecsysinternalslogginggrayloggraylog-plugindfirthreat-intelligencethreat-sharingthreat-analysismitre-attackdigitalforensicsforensic-analysisforensicartifactsforensicssiemsigma-ruleshumio
  Language:PowerShell 749

• ydkhatri / mac_apt

  macOS (& ios) Artifact Parsing Tool

  dfirforensicsmacos
  Language:Python 716

• google / turbinia

  Automation and Scaling of Digital Forensics Tools

  forensicsdfirsecuritysecurity-automationcloud
  Language:Python 711

• Yamato-Security / WELA

  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

  dfirloganalysisforensicsincidentresponsesigmawindowseventlogsthreathuntingtimeline
  Language:PowerShell 676

• williballenthin / python-evtx

  Pure Python parser for Windows Event Log files (.evtx)

  event-logevtxforensics
  Language:Python 675