PowerGREP provides you with the tools and options you need for detailed and successful audits and forensic analysis.
Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more detail ...
MD5DEEP 4.4 and related tools (sha1deep, hashdeep, whirlpooldeep, etc) and 64-bit equivalents.
WinMD5Free v1.20
PEiD v0.95 with KANAL plugin
Strings v2.52
upx 3.91
PEview v0.9.9
Resource Hacker v4.2.5
... "I'm publishing a sample Active Directory database file (ntds.dit) together with the corresponding SYSTEM registry hive so that you can practice hash extraction and password cracking." blog.didierstevens.com/2016/07/12/practice-ntds-dit-file-part-1/amp/ ...
This EnScript is designed to parse the prefetch files created by the MS Windows Task Scheduler service. Prefetch files contain details of system activity during the period when the operating-system boots, and when an application starts. This allows the ...
OSForensics™ includes a Prefetch viewer for viewing application execution metrics stored by the operating system's Prefetcher. The Prefetcher is a component that improves the performance of the system by pre-caching applications and their associated file ...
Project Quincy is a Django application with a MySQL database that uses information about people, places, and organizations to trace how social networks and institutions develop over time and through space. It is named in honor of John Quincy Adams (176 ...
"The purpose of Project VIC is to create an ecosystem of information and data sharing between domestic and international law enforcement agencies all working on crimes facilitated against children and the sexual exploitatio ...
PSHunt is a PowerShell Threat Hunting Module designed to scan remote endpoints* for indicators of compromise or survey them for more comprehensive information related to the state of those systems (active processes, autostarts, configurations, and/or logs) ...
Extract payloads from data in a given stream of a capture file
PowerShell script useful for Incident Response and security/configuration baselines for Windows Vista and later. Self-contained
pt-stalk waits for a trigger condition to occur, then collects data to help diagnose problems. The tool is designed to run as a daemon with root privileges, so that you can diagnose intermittent problems that you cannot observe directly. You can also ...
Simple tool for taking notes in a pentest. PTNotes uses data from imported Nessus and Nmap files along with the built-in attack data to build a list of hosts, open ports, and potential attack vectors. It then allows you to add notes to each host and ea ...
© 2019 Copyright | DFIR Training