Automation Forensics Tool for Windows
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
CODE_OF_CONDUCT.md
CONTRIBUTING.md
LICENSE
README.md
afot.py

README.md

Automation FOrensics Tool

The Automation FOrensics Tool (AFOT) is an automation tool build in Python and used for Windows Forensics in order to combine the following tools:

Requirements

The script makes use of Python version 2.7, but it will most likely work with Python 3. You will need to have PIP installed in your system. Please see python docs for details.

You should have your own a VirusTotal api key. Just create an account in VirusTotal website and grab the api key. Then add it as the __VIRUSTOTALAPIKEY__ value.

Usage

Just run python afot.py in your terminal.

Procedure

So the procedure is pretty straight-forward:

  • The user provides the path, which will be used to analyze all the executables included in those folders/subfolders.
  • AnalyzePESig looks for signed executables, whom certificate will soon be revoked.
  • AFOT will collect all the non-signed executables and cross-check them with NSRL's hashset database, using the NSRL tool.
  • Last but not least, if any hashes were found to be in NSRL's hashset database too, we cross-check those hashes with VirusTotal, using the VirusTotal Search tool.

Contributing

Please see CONTRIBUTING for details.

License

The MIT License (MIT). Please see License File for more information.