Description: strings.py takes a text file containing the output from utilities such as strings or floss and searches it for file/directory paths and .dll files. This aids the malware analyst in locating items of interest while triaging malware.
The script will output the findings into text files utilizing the <malware_type>_<finding_type>.txt naming scheme.
Script has the following permissions: 766. The user will not need to call the Python3 interpreter to execute the script.
./strings.py -i <text_file> -o <malware_type>
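The kind of triage described above, as an added example; this is not the code of strings.py. The regular expressions, the finding type names "paths" and "dlls", the function names, and the sample strings are all assumptions made for illustration.

```python
import os
import re

# Assumed patterns, not taken from strings.py.
# Drive-letter paths; directory names may contain spaces, the last component may not.
WIN_PATH = re.compile(r'(?<!\w)[A-Za-z]:(?:\\[\w.$%()-]+(?: [\w.$%()-]+)*(?=\\))*\\[\w.$%()-]+')
# Absolute Unix paths with at least two components (skips switches such as "/c").
UNIX_PATH = re.compile(r'(?<![\w/.:\\])(?:/[\w.+-]+){2,}')
DLL_NAME = re.compile(r'[\w.-]+\.dll\b', re.IGNORECASE)

# Constructed sample of strings/floss output, one string per line.
SAMPLE = [
    r"C:\Program Files\Common Files\updater\svc.exe",
    r"cmd.exe /c copy C:\Users\Public\stage.dat %TEMP%",
    "LoadLibraryA",
    "KERNEL32.dll",
    "ws2_32.dll",
    r"C:\Windows\System32\advapi32.dll",
    "/etc/cron.d/updater",
    "GetProcAddress",
]

def triage_strings(lines):
    """Return sorted, de-duplicated findings keyed by finding type."""
    paths, dlls = set(), set()
    for line in lines:
        paths.update(WIN_PATH.findall(line))
        paths.update(UNIX_PATH.findall(line))
        dlls.update(name.lower() for name in DLL_NAME.findall(line))
    return {"paths": sorted(paths), "dlls": sorted(dlls)}

def output_name(malware_type, finding_type):
    """Build <malware_type>_<finding_type>.txt, keeping separators out of the name."""
    safe = re.sub(r'[^\w.-]', '_', malware_type)
    return f"{safe}_{finding_type}.txt"

def write_findings(findings, malware_type, out_dir="."):
    """Write one text file per finding type and return the paths written."""
    written = []
    for finding_type, values in findings.items():
        path = os.path.join(out_dir, output_name(malware_type, finding_type))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("\n".join(values) + "\n")
        written.append(path)
    return written

if __name__ == "__main__":
    for kind, values in triage_strings(SAMPLE).items():
        print(kind, *values, sep="\n  ")
```

The malware type ends up in a file name, so the example replaces anything outside letters, digits, dot, dash and underscore before building the output path.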
Description: file_hash.sh generates a text file containing the MD5 and SHA256 hash values for a given file. Output can be copied into DFIR incident notes or used to verify the file's level of maliciousness on VirusTotal.
Script will also output hash values to the terminal for analyst's ease of use.
Script has the following permissions: 766. The user will not need to call the bash interpreter to execute the script.
./file_hash.sh <file_name>
./file_hash.sh <path/to/file_name>
Description: file_hash.ps1 generates a text file containing the MD5 and SHA256 hash values for a given file. Output can be copied into DFIR incident notes or used to verify the file's level of maliciousness on VirusTotal.
Script will also output hash values to the terminal for analyst's ease of use.
./file_hash.ps1 <file_name>
./file_hash.ps1 <path/to/file_name>