Resolução desafio Forense LAVA-JATO

PowerShell wrapper for WinDump

NBTempoW V. 2.1 is a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select…

A GPS Forensics Utility to Parse GPX Files

Looks for files that looks suspicious in terms of forensics and could be worth further investigation.

Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers are specified by a configuration file, so you can pick and choose which headers you want to look for.

Dockerfile with tools for analyzing malicious documents.

LSB engine with PIL to work with steganoed images

Charleston InfoSec Group Website

Set of helpers to visualize relations between events over time with Gephi

CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)

A bulk_extractor scanner plug-in to detect and validate Inland Revenue (IRD) Numbers

Perl FUSE driver for zero-storage file carving using scalpel -p

Python script to decode common encoded PowerShell scripts

Some scripts written while analyzing data with VAST

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely u…

Python tool for extracting common strings for Incident Responders

Forensic Analysis Tool for Btrfs File System.

parse MBR and Partition Table to extract MFT Entries

Simple Powershell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline.