OSSEM The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating...
ProcMonX Extended Process Monitor-like tool based on Event Tracing for Windows The classic Sysinternals tool Process Monitor uses a file system mini-filter, registry mini-filter, and process/thread callbacks to get the information...
Brute Shark Brute Shark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network...
Introduction “Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of...
What’s Dispatch? Put simply, Dispatch is: All of the ad-hoc things you’re doing to manage incidents today, done for you, and a bunch of other things you should’ve been doing,...
HoneyBot Cloud-based PCAP analysis; powered by PacketTotal.com HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently, this library provides three scripts: capture-and-analyze.py –...
WhatsApp Media Decrypt A recent high-profile forensic investigation reported that “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file] to determine...
HSTS Parser HSTS Parser is a simple tool to parse Firefox and Chrome’s HSTS databases into actually helpful forensic artifacts! You can read more about the research behind this tool...
O365beat O365beat is an open-source log shipper used to fetch Office 365 audit logs from the Office 365 Management Activity API and forward them with all the flexibility and capability provided...
awslogs awslogs is a simple command-line tool for querying groups, streams, and events from Amazon CloudWatch logs. One of the most powerful features is to query events from several streams and consume...
Andriller CE (Community Edition) Andriller – is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has...
Dsiem Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookup/query to...
EXIST (EXternal Information aggregation System against cyber Threat) EXIST is a web application for aggregating and analyzing CTI (cyber threat intelligence). EXIST is written by the following software. Python 3.5.1...
fingerprint Monitoring Registry and File Changes in Windows – forensic analytics for windows registry and files “fingerprint” records the state of a windows system, in terms of files and registry....
Rifiuti2 is a for analyzing Windows Recycle Bin INFO2 file. Analysis of Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract file deletion time, original...
Support Securityonline.info site. Thanks!
