Forensics
Last updated
Was this helpful?
Last updated
Was this helpful?
SaferWall :
Cuckoo :
Noriben (Python, Sysmon) :
Virus Total :
Any Run :
Cuckoo :
Cape Sandbox :
Ghiro is a fully automated tool designed to run forensics analysis over a massive amount of images, just using an user friendly and fancy web application.
Username: ghiro
Password: ghiromanager
An autostereogram (also known as Magic Eye) is a 2D image designed to create the illusion of 3D. In each image, there is a 3D object that can only be viewed by looking at the image a certain way, as if the screen was transparent and you looked at the wall behind it.
Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence.
Volatility is a tool that can be used to analyze a volatile memory of a system. You can inspect processes, look at command history, and even pull files and passwords from a system without even being on the system.
In volatility, there exists an attribute named malfind. This is actually an inbuilt plugin and can be used for malicious process detection.
Universal Serial Bus flash drives, commonly known as USB flash drives are the most common storage devices which can be found as evidence in Digital Forensics Investigation. The digital forensic investigation involves following a defined procedure for investigation which needs to be performed in such a manner that the evidence isnβt destroyed.
: deleted files retrieval
: deleted files retrieval
: acquisition tool (enhanced dd)
: acquisition tool (enhanced dd)
: disk and RAM acquisition under Windows
: NTFS analysis
: packer identification on Windows binary
: Monitoring of API used by malwares, registry base monitoring
: Executable file behavior analysis
: Analyze headers / magic numbers
: IDS and OCAP analysis
: IDS
(not free) : PCAP analysis
: filter for tcpdump and wireshark
