Forensics
SaferWall : https://github.com/saferwall/saferwall
Noriben (Python, Sysmon) : https://github.com/Rurik/Noriben
VirusTotal : https://virustotal.com
Any Run : https://any.run/
Cuckoo : https://cuckoo.cert.ee/
CAPE Sandbox : https://capesandbox.com/
Ghiro is a fully automated tool designed to run forensic analysis over a massive number of images through a user-friendly web application.
Ghiro default credentials:
Username: ghiro
Password: ghiromanager
An autostereogram (also known as Magic Eye) is a 2D image designed to create the illusion of 3D. Each image contains a 3D object that can only be seen by looking at the image in a certain way, as if the screen were transparent and you were looking at the wall behind it.
Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence.
FTK Imager : disk and RAM acquisition under Windows
sleuthkit : NTFS analysis
Volatility is a tool for analyzing the volatile memory (RAM) of a system. From a memory image you can inspect processes, look at command history, and even pull files and passwords without ever being on the live system.
Volatility has a built-in plugin named malfind that can be used to detect malicious processes.
Universal Serial Bus flash drives, commonly known as USB flash drives, are the most common storage devices found as evidence in a digital forensics investigation. A digital forensic investigation follows a defined procedure that must be performed in such a manner that the evidence isn't destroyed.
PEiD : packer identification on Windows binary
Procmon.exe (from Sysinternals) : monitoring of API calls made by malware, registry monitoring
Sysmon.exe (from Sysinternals) : Executable file behavior analysis
binwalk : Analyze headers / magic numbers
Suricata : IDS and PCAP analysis
https://www.snort.org/ : IDS
Network Miner (not free) : PCAP analysis
https://packetlife.net/ : filter for tcpdump and wireshark