Examine, create and interact with remote objects in other .NET processes.
Updated Jun 1, 2024 - C#
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values.
Windows Forensics Environment Builder
Avilla Forensics 3.0
A user-friendly app for retrieving and consolidating Windows system information
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Windows anti-forensics made easy
Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.
Avilla Forensics 3.0: Avilla Forensics is a comprehensive and feature-rich tool for mobile forensics, offering a wide range of functionalities for both Android and iOS devices. The tool’s integration with various third-party tools enhances its capabilities.
The PE-Inspector can be used to gather information about any PE-File in Windows. It works with both 32bit and 64bit files.
"Abdal FileWatcher" by Ebrahim Shafiei: A cross-platform, open-source file monitoring tool tailored for security experts.
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
CDIR Analyzer - parsers for data collected by CDIR Collector
RAMDumpExplorer is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values. The program is written in C# and utilizes async/await to process the dump file in a non-blocking manner.
This repository is a mirror of https://gitlab.com/sequence/connectors/Microsoft365
ToyProject_Like NTFSwalker
A post-exploitation tool to decrypt SolarPutty's sessions files