Recently Added Tools

RegRipper GUI

0 reviews

thinkdfir.com/2017/09/12/regripper-gui/

The rationale behind it is that you can quickly run plugins without having to look up which hives they relate to, and you can quickly click through and add them to a text report. If the plugin indicates that it relates to multiple plugins then the GUI wi ...

lifer

0 reviews

github.com/Paul-Tew/lifer

A forensic tool for Windows link file examinations (i.e. Windows shortcuts) SYNOPSIS 'lifer' is a Windows or *nix command-line tool inspired by the whitepaper 'The Meaning of Link Files in Forensic Examinations' by Harry Parsonage and available here. It ...

www.metaspike.com/forensic-email-collector/

Description: Forensic Email Collector (FEC) is a digital forensics software developed by Metaspike. FEC connects to cloud email providers and forensically preserves email evidence.   Features: Connects to Microsoft Exchange servers via Exchange Web Ser ...

Category:Email

cybercrimetech.com/2017/08/Password-Cracking-Test-Data.html

Here are some files to test your password cracking skills. All of them can be done in less than a few hours with CPU-based cracking. You can download the file and practice hash extraction + cracking, or just download the hashes directly.

github.com/EricZimmerman/AppCompatCacheParser

AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10

fuse-mft

0 reviews

www.williballenthin.com/forensics/mft/fuse_mft/

fuse-mft is a FUSE file system driver for MFT files. It allows an analyst to mount the file system tree defined by an MFT on their analysis machine. Then, they can use familiar command line or graphical tools to explore the contents. fuse-mft uses the met ...

Category:MFT

RustyLnk

0 reviews

github.com/forensicmatt/RustyLnk

A fast and cross platform LNK Parser written in Rust that gives you the ability to query the records via JMESPath queries. Output is JSONL.   RusyLnk 0.1.0 Matthew Seyer <https://github.com/forensicmatt/RustyLnk> LNK Parser written in Rust. U ...

macMRU-Parser

0 reviews

github.com/mac4n6/macMRU-Parser

Python script to parse the Most Recently Used (MRU) plist files on macOS into a more human friendly format.  

Category:Misc

github.com/sqlitebrowser/sqlitebrowser/releases/tag/v3.10.0-

All builds (both Windows and MacOS X) include SQLCipher for strong encryption. The version of SQLCipher included is a bit old. Our next beta or Release Candidate will include the newest version. The initial DBHub.io (remote dock) code still needs work ...

hashdb archives

0 reviews

peekatorrent.org/data.html

Our datasets We offer both data in raw format (archives of random torrent files), as well as pre-processed hashdb databases. Make sure to run "7z x" to extract the archives to keep the folder structure intact, some file systems have troubles with a large ...

Category:Hash

securcube.net/bts-tracker/

The BTS (Base Transceiver Station) measurement is a rising forensics analysis able to fulfil lack of clues given by the mobile devices. Securcube®BTS Tracker performs the scan of the real cell towers coverage, that is the current ‘performance’ of the radi ...

Category:Misc

securcube.net/phonelog/

Securcube®Phonelog, software for the cross-analysis of CDRs (Call Detail Records), historical cell site location information (HCSLI), namely CSA, mobile extraction contents, GPS tracks and much more, can efficiently reply to every investigative expectatio ...

Category:Misc

github.com/vitaly-kamluk/bitscout

Bitscout 2.0 Date: July 2017 Author: Vitaly Kamluk // Vitaly.Kamluk [at] kaspersky[.]com This project is created by security researchers for security researchers. In addition, it can be useful to Law Enforcement and private companies that assist t ...

Category:Misc

strangelyrelevant.blogspot.com/2013/08/jackcr-issa-2013-netw

Unlike @JackCR's previous challenges, this one is 1. from a Linux server, and 2. does not have a memory component. Well, that is not entirely accurate, there is a memory dump but it is not usable because of the way that vmss2core produces a file that is n ...

blog.mywarwithentropy.com/2014/11/spy-hunter-holiday-challen

This holiday season I have created a network forensics challenge for the community to try and solve. This scenario, called “Spy Hunter – Operation Hermes” is the first in a new series I am going to create and publish here at My War With Entropy.

p0wnlabs

0 reviews

www.p0wnlabs.com/free/vms

The community has coughed up some classic distributions full of juicy targets and p0wnlabs is testing out a program to host them for your hacking pleasure. Simply configure your system to connect to p0wnlabs via openvpn and hack away!

opensecuritytraining.info/ReverseEngineeringMalware.html

All material is licensed with an open license like CreativeCommons, allowing anyone to use the material however they see fit, so long as they share modified works back to the community.

www.netresec.com/?page=PcapFiles

This is a list of public packet capture repositories, which are freely available on the Internet. Most of the sites listed below share Full Packet Capture (FPC) files, but some do unfortunately only have truncated frames.

www.cfreds.nist.gov/mobile/cellebrite/index.htm

The UFED Reader is an application allowing users to share analysis reports. Features include: advanced analyzing capabilities (e.g., search and entity bookmark functionalities) and report generation in the following formats: pdf, html, xml, Excel, UFED Re ...

Puzzles!

0 reviews

forensicscontest.com/puzzles

If you grabbed a contest disc to play after DEFCON, here are the passwords you’ll need to mount the TrueCrypt volume for each round.

Claim Your Listing!

If you are the developer of a tool that is listed, you can claim it, meaning that I will give you access to modify your listing when you need.  You can upload images, add YouTube videos, change the description, etc...

Simply find your listing, select "Claim", and email me at [email protected] so I can give your account permissions to modify your listing.  If you don't email me, I won't know that you claimed a listing....