forensics

There are 138 repositories under forensics topic.

• ImHex

  WerWolv / ImHex

  🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

  analyzerbinary-analysisc-plus-pluscybersecuritydark-modedear-imguidisassemblerforensicshackinghacktoberfesthex-editoripsmathematical-evaluatormulti-platformpattern-languagepreprocessorreverse-engineeringstatic-analysiswindows
  Language:C++ 33140

• radareorg / radare2

  UNIX-like reverse engineering framework and command-line toolset

  binary-analysisccommandlinedisassemblerforensicshacktoberfestmalware-analysisradare2reverse-engineeringsecurity
  Language:C 19686
• kubeshark

  kubeshark / kubeshark

  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

  kubernetesmicroservicesgolangrestgrpcamqpkafkaredisgomicroservicemicroservices-applicationdevopsdevops-toolssnifferobservabilitywiresharkcloud-nativedockerforensicsincident-response
  Language:Go 10589

• mvt-project / mvt

  MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

  androidforensicsforensics-toolsiosmobilesecurity
  Language:Python 9844
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

  securitysecurity-toolssecurity-auditsecurity-hardeninghardeningawscis-benchmarkcompliancegdprforensicscloudwell-architecteddevsecopsazureiampythongcpmulti-cloud
  Language:Python 9626

• rmusser01 / Infosec_Reference

  An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

  infosecinfosec-referencereverse-engineeringhackingpentestingpenetration-testingreferenceslinuxprivilege-escalationinformation-securityblueteamred-teamwindowsosxforensicshacking-simulatorprivilege-escalation-exploitshacktoberfesthacktoberfest2021
  Language:CSS 5368

• Hack-with-Github / Free-Security-eBooks

  Free Security and Hacking eBooks

  securityhackingpenetration-testinghacking-ebooksforensicshackers-handbookcloud-securitykali-linuxcyber-securityebooks
  4151

• toolswatch / blackhat-arsenal-tools

  Official Black Hat Arsenal Security Tools Repository

  blackhatarsenalsecurity-toolshacking-toolsecurity-scannerforensicsics-scadawebapphacking
  3734

• jekil / awesome-hacking

  Awesome hacking is an awesome collection of hacking tools.

  curated-listforensicshackinghacking-toolsmalwarepenetration-testingsecuritysecurity-tools
  Language:Python 2838

• decalage2 / oletools

  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

  pythonpython-libraryolefilemalware-analysisms-office-documentscompoundrtfforensicsole-filessecurityparserpyparsingvbamacros
  Language:Python 2752

• WithSecureLabs / chainsaw

  Rapidly Search and Hunt through Windows Forensic Artefacts

  attackrustsecuritythreat-huntingblueteamchainsawdetectiondfirforensicslogssigmawindowscountercept
  Language:Rust 2562
• timesketch

  google / timesketch

  Collaborative forensic timeline analysis

  forensicsdfirsecuritytimelineanalysis
  Language:Python 2499

• sleuthkit / sleuthkit

  The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

  forensicsincident-responsentfssleuthkittct
  Language:C 2487

• sleuthkit / autopsy

  Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

  forensicsjava
  Language:Java 2259

• volatilityfoundation / volatility3

  Volatility 3.0 development

  digital-investigationforensicsincident-responsemalwarememorypythonramvolatilityvolatility-framework
  Language:Python 2239

• dreddsa5dies / goHackTools

  Hacker tools on Go (Golang)

  gogolanghacktoolsbruteforcescannerforensicsbeginnersecurityhackerspentesters
  Language:Go 2085

• Yamato-Security / hayabusa

  Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

  dfirthreathuntingwindowseventlogsrustsigmadetectionattackforensicsincidentresponsehayabusayamatosecuritycybersecurityincident-responsesecurity-automationthreat-hunting
  Language:Rust 1970

• simsong / tcpflow

  TCP/IP packet demultiplexer. Download from:

  digital-forensicsforensicstcp-protocoltcpip
  Language:C++ 1646

• Srinivas11789 / PcapXray

  :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  forensicspcapnetworkpythoncomputer-forensicstor-trafficforensic-analysiscybersecuritynetwork-diagramtortrafficpacketssecurity
  Language:Python 1645

• log2timeline / plaso

  Super timeline all the things

  forensicsparsingtimeline
  Language:Python 1628
• MemLabs

  stuxnet999 / MemLabs

  Educational, CTF-styled labs for individuals interested in Memory Forensics

  forensicsdfirmemory-forensicswindowsctfctf-challengesdigital-forensicssecuritycybersecurity
  Language:Shell 1558

• danieldurnea / FBI-tools

  🕵️ OSINT Tools for gathering information and actions forensics 🕵️

  awesomeawesome-listbug-bountycybersecurityforensicshackingincident-responseinfosecosintpenetration-testingpentestingreconnaissancesecuritysecurity-automationsecurity-tools
  1515

• frankwxu / digital-forensics-lab

  Free hands-on digital forensics labs for students and faculty

  cybersecuritydigitaleducationforensicsfreecybercybercrimecybersecurity-educationinvestigationhands-on
  Language:Roff 1396
• Digital-Forensics-Guide

  mikeroyal / Digital-Forensics-Guide

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  digitalforensicsdigitalforensicreadinessforensicssecurityforensics-toolsdigital-forensicsthreat-intelligenceintrusion-detectionmitre-attackdetection-engineeringnetwork-securityoffensive-securitycyber-securityport-scanningsiemalertingforensic-analysisforensics-investigationsosintdfir
  Language:Python 1364
• andriller

  den4uk / andriller

  📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

  forensicspythonandroid
  Language:Python 1260
• RecoverPy

  PabloLec / RecoverPy

  Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal

  cliconsolecybersecuritydatadata-recoveryfilesforensicshackinglinuxmacospentestingpythonpython3recoverysearchsearch-interfaceterminaltextualtooltui
  Language:Python 1174
• usbrip

  snovvcrash / usbrip

  Tracking history of USB events on GNU/Linux

  securityforensicsusb-eventsusb-historyusb-devices
  Language:Python 1145

• cecio / USBvalve

  Expose USB activity on the fly

  badusbforensicsmalwareusbusb-hid
  Language:C 1103
• hindsight

  obsidianforensics / hindsight

  Web browser forensics for Google Chrome/Chromium

  google-chromehindsightchromeforensicsdfir
  Language:Python 1021
• ForensicsTools

  mesquidar / ForensicsTools

  A list of free and open forensics analysis tools and other resources

  forensicsdigital-forensicscomputer-foreforensic-analysisforensics-investigationsforensic-toolstoolsfreeopen-sourceawesome-listmetadametadataimage-analysistimelinenetworkwindowsmacoslinux
  898
• hackdroid

  thehackingsage / hackdroid

  Security Apps for Android

  androidapkappscryptographydosforensicshacking-toolhid-attacksmitmnetworkingpenetration-testingpentestingprivacysecuritysniffingterminalwireless
  883

• ion-storm / sysmon-config

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.

  sysmonthreatintelthreat-huntingnetsecsysinternalslogginggrayloggraylog-plugindfirthreat-intelligencethreat-sharingthreat-analysismitre-attackdigitalforensicsforensic-analysisforensicartifactsforensicssiemsigma-ruleshumio
  Language:PowerShell 752

• ydkhatri / mac_apt

  macOS (& ios) Artifact Parsing Tool

  dfirforensicsmacos
  Language:Python 719

• google / turbinia

  Automation and Scaling of Digital Forensics Tools

  forensicsdfirsecuritysecurity-automationcloud
  Language:Python 714

• Yamato-Security / WELA

  WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

  dfirloganalysisforensicsincidentresponsesigmawindowseventlogsthreathuntingtimeline
  Language:PowerShell 678

• williballenthin / python-evtx

  Pure Python parser for Windows Event Log files (.evtx)

  event-logevtxforensics
  Language:Python 677