Computer forensics tools are most often used by security teams to examine vulnerabilities in networks and applications by collecting evidence, finding indicators of compromise, and taking appropriate mitigation steps.
Here you can find the comprehensive computer forensics tools list that covers performing forensic analysis and
Collections of Computer Forensics Tools
Tools
Distributions
Frameworks
- dff – Forensic framework
- IntelMQ – IntelMQ collects and processes security feeds
- Laika BOSS – Laika is an object scanner and intrusion detection system
- PowerForensics – PowerForensics is a framework for live disk forensic analysis
- The Sleuth Kit – Tools for low level forensic analysis
- turbinia – Turbinia is an open-source framework for deploying, managing, and running forensic workloads on cloud platforms
Live forensics
- grr – GRR Rapid Response: remote live forensics for incident response
- Linux Expl0rer – Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask
- mig – Distributed & real time digital forensics at the speed of the cloud
- osquery – SQL powered operating system analytics
Imaging
- dc3dd – Improved version of dd
- dcfldd – Different improved version of dd (this version has some bugs!, another version is on github adulau/dcfldd)
- FTK Imager – Free imaging tool for Windows
- Guymager – Open source tool for disk imaging on Linux systems
Carving
more at Malware Analysis List
- bstrings – Improved strings utility
- bulk_extractor – Extracts information like email addresses, credit card numbers and histograms from disk images
- floss – Static analysis tool to automatically deobfuscate strings from malware binaries
- photorec – File carving tool
Memory Forensics
- inVtero.net – High speed memory analysis framework developed in .NET, supports all Windows x64, includes code integrity and write support.
- KeeFarce – Extract KeePass passwords from memory
- Rekall – Memory Forensic Framework
- volatility – The memory forensic framework
- VolUtility – Web App for Volatility framework
- BlackLight – Windows/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis.
- DAMM – Differential Analysis of Malware in Memory, built on Volatility.
- evolve – Web interface for the Volatility Memory Forensics Framework.
- FindAES – Find AES encryption keys in memory.
- Muninn – A script to automate portions of analysis using Volatility, and create a readable report.
- Rekall – Memory analysis framework, forked from Volatility in 2013.
- TotalRecall – Script based on Volatility for automating various malware analysis tasks.
- VolDiff – Run Volatility on memory images before and after malware execution, and report changes.
- Volatility – Advanced memory forensics framework.
- VolUtility – Web Interface for Volatility Memory Analysis framework.
- WDBGARK – WinDBG Anti-RootKit Extension.
- WinDbg – Live memory inspection and kernel debugging for Windows systems.
Network Forensics
- SiLK Tools – SiLK is a suite of network traffic collection and analysis tools
- Wireshark – The network traffic analysis tool
- NetLytics – Analytics platform to process network data on Spark.
Windows Artifacts
OS X Forensics
Internet Artifacts
- chrome-url-dumper – Dump all locally stored information collected by Chrome
- hindsight – Internet history forensics for Google Chrome/Chromium
Timeline Analysis
- DFTimewolf – Framework for orchestrating forensic collection, processing and data export using GRR and Rekall
- plaso – Extract timestamps from various files and aggregate them
- timesketch – Collaborative forensic timeline analysis
Disk image handling
- aff4 – AFF4 is an alternative, fast file format
- imagemounter – Command line utility and Python package to ease the (un)mounting of forensic disk images
- libewf – Libewf is a library and some tools to access the Expert Witness Compression Format (EWF, E01)
- xmount – Convert between different disk image formats
Decryption
Learn forensics
CTFs
Resources
Books
more at Recommended Readings by Andrew Case
File System Corpora
Blogs
Other