Tools

Troubleshooting and monitoring VoIP calls.

Honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks.

Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.

Ghidra is a software reverse engineering (SRE) framework

An Obfuscation-Neglect Android Malware Scoring System.

UNIX-like reverse engineering framework and command-line toolset

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

AVML - Acquire Volatile Memory for Linux

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs.

♂ Collect a dossier on a person by username from 3000+ sites

Super timeline all the things

Digging Deeper....

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

Volatility 3.0 development

A cloud native data pipeline and transformation toolkit for security teams.

The most advanced free and open-source browser fingerprinting library

UNIX-like reverse engineering framework and command-line toolset.

Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashs, litteral/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any windows / linux host.

macOS (& ios) Artifact Parsing Tool

go-audit is an alternative to the auditd daemon that ships with many distros

Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD.

GRR Rapid Response: remote live forensics for incident response

High-speed log analysis and forensics tool with multi-format parsing, pattern matching, timeline reconstruction and anomaly detection for incident response.

Digital Forensics Artifact Repository

The FLARE team's open-source tool to identify capabilities in executable files.

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Browser forensics tool for Google Chrome (and other Chromium-based browsers)

A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing.

Collaborative forensic timeline analysis

Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes Acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses Dissect to gather that information from the raw disk, if possible.