ALFA: Automated Audit Log Forensic Analysis for Google Workspace
ALFA – Automated Audit Log Forensic Analysis for Google Workspace You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the...
ALFA – Automated Audit Log Forensic Analysis for Google Workspace You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the...
YAMA YAMA is a system for generating scanners that can inspect specific malware during incident response. The scanner generated by YAMA is designed to explore the memory of Windows OS...
ThreatScraper ThreatScraper is a Python-based tool designed to check virus information by using VirusTotal API. It offers functionalities such as scheduling the checking at specific times, showing and saving the...
varc (Volatile Artifact Collector) varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating...
z9 PowerShell Log Analyzer This tool detects the artifact of the PowerShell-based malware from the eventlog of PowerShell logging. The strength of PowerShell scripts lies in their ability to run...
Microsoft-Extractor-Suite Microsoft-Extractor-Suite is a fully-featured, actively-maintained, Powershell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft. The following Microsoft data sources...
HASH (HTTP Agnostic Software Honeypot) HASH is a framework for creating and launching low interactive honeypots. Why HASH? The main philosophy of HASH is to be easy to configure and...
Trawler Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications,...
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up...
T3SF – Technical Tabletop Exercises Simulation Framework T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together...
MemTracer MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in...
Microsoft Section52 ICS Forensics Tools Microsoft Section52 Industrial Control Systems Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft Section52 ICS Forensics...
C2-Hunter C2-Hunter is a program designed for malware analysts to extract Command and Control (C2) traffic from malwares in real time. The program uses a unique approach by hooking into...
Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each...
Gold Digger Search files for gold Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files...