forensic-analysis
Here are 214 public repositories matching this topic...
- PowerShell wrapper for WinDump (Updated Feb 18, 2017; PowerShell)
- NBTempoW V. 2.1 is a forensic tool for making timelines from block-device image files (raw, EWF, physicaldrive, etc.). It uses TSK (The Sleuth Kit) and was developed with Lazarus V. 1.6.2 (a Delphi-compatible cross-platform IDE for Rapid Application Development). It runs only on Windows. If the device image file is split, you can select… (Updated Mar 29, 2017; Pascal)
- A GPS forensics utility to parse GPX files (Updated Apr 30, 2017; C)
- Looks for files that look suspicious from a forensic standpoint and could be worth further investigation. (Updated May 31, 2017; Python)
- Foremost is a Linux program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers are specified in a configuration file, so you can pick and choose which headers you want to look for. (Updated Jul 21, 2017; C)
- Dockerfile with tools for analyzing malicious documents. (Updated Dec 3, 2017; Shell)
- LSB engine built on PIL for working with images that carry steganographic payloads (Updated Mar 15, 2018; Python)
- Charleston InfoSec Group website (Updated Mar 30, 2018; HTML)
- Set of helpers to visualize relations between events over time with Gephi (Updated Apr 13, 2018; Python)
- CIFv3 Ubuntu 16.04 Docker container (Bearded Avenger) (Updated Apr 18, 2018; Shell)
- A bulk_extractor scanner plug-in to detect and validate Inland Revenue (IRD) numbers (Updated May 22, 2018; Lex)
- Perl FUSE driver for zero-storage file carving using scalpel -p (Updated Jun 11, 2018; Perl)
- Python script to decode common encoded PowerShell scripts (Updated Jun 13, 2018; Python)
- Some scripts written while analyzing data with VAST (Updated Jun 15, 2018; Shell)
- This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team members can reconstruct the PNG files to see what an attacker did on a compromised host. It is extremely u… (Updated Aug 4, 2018; Python)
- Python tool for extracting common strings for incident responders (Updated Aug 4, 2018; Python)
- Forensic analysis tool for the Btrfs file system. (Updated Aug 6, 2018; C++)
- Parse the MBR and partition table to extract MFT entries (Updated Oct 12, 2018; Python)
- Simple PowerShell scripts to collect all Windows Event Logs from a host and parse them into one CSV timeline. (Updated Oct 13, 2018; PowerShell)