
Tags: Forensics

Yago Jesus and Patrick Gouin

Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits / LKMs or by some other hiding technique. // Unhide (ps) detects hidden processes and implements six techniques: compare /proc vs /bin/ps output; compare inf ...

Category Forensic Tools
The SANS Institute

The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidenc ...

Rifiuti2 analyses recycle bin files from Windows. Rifiuti2 can extract the deletion time, original path and size of deleted files. For older versions of Windows, it can also check whether deleted items are no longer in the recycle bin (that is, eit ...

Category Forensic Tools
Rifiuti2

The iVe Ecosystem is a collection of tools that supports investigators throughout the entire vehicle forensics process with a mobile application for identifying vehicles, a hardware kit for acquiring systems, and forensic software for analyzing data. ...

iVE Ecosystem - Vehicle Forensics
Jake Williams

ADD is a physical memory anti-analysis tool designed to pollute memory with fake artifacts. This tool was first presented at Shmoocon 2014. Please note that this is a proof of concept tool. It forges OS objects in memory (poorly). It would be easy (very e ...

FOR572: Advanced Network Forensics and Analysis, was built from the ground up to cover the most critical skills needed to mount efficient and effective post-incident response investigations. It focuses on the knowledge necessary to expand the forensic min ...

Oxygen Forensics

Oxygen Forensic Extractor offers OEM system builders and hardware manufacturers a unique opportunity to integrate a time-proven forensic acquisition system into their hardware-based solution without spending years developing in-house software. Oxygen Forens ...

Category Forensic Tools
Oxygen Forensic Extractor
Oxygen Forensics

Oxygen Forensic Extractor for Clouds is a forensic program that allows an examiner to extract data from cloud services and save it on a PC in a readable format. Authentication is required to get access to the cloud data. A forensic expert needs to enter account credent ...

Category Forensic Tools
Michael Ahrendt

Triage-IR is a script written by Michael Ahrendt that collects system information, network information, registry hives and disk information, and also dumps memory. One of the capabilities of Triage-IR is collecting information from Volume Shadow Cop ...

Category Forensic Tools
Triage-IR

Belkasoft X (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile and cloud forensics. It can help you to acquire and analyze a wide range of mobile devices, run various analytical tasks, perform case-wide searches, bookmark a ...

Category Forensic Tools
Belkasoft Evidence Center Portable
Lenny Zeltser

REMnux™ is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can exami ...

REMnux
US Army Research Lab

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly, IPv4 and IPv6 support, custom output handlers, chainable decoders.