A PowerShell module for live incident response that enumerates Windows autorun artifacts to detect persistence mechanisms used by malware and legitimate programs.
A PowerShell module for remote endpoint threat hunting, scanning for indicators of compromise and collecting system state information.
A distributed web interface for collaborative memory forensics analysis using Volatility 3.
An automated memory analysis tool for malware samples and memory dumps that extracts executables, processes, injections, and artifacts.
A web-based interface for the Volatility memory forensics framework, enabling browser-based analysis of RAM dumps.
A lightweight incident response tool for rapid suspicious file discovery during threat hunting and forensic triage.
A Linux memory acquisition tool that creates ELF core dumps compatible with gdb, crash, and drgn for incident response.
A Python tool that finds and extracts files from packet capture (pcap) files for forensic analysis.
A Windows artifact collection and parsing tool for targeted digital forensics and incident response investigations.
An open-source memory forensics tool built on Volatility for differential analysis and data reduction in malware investigations.
Recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
A Python script that uses Volatility to analyze malware memory footprints by comparing Windows memory images before and after infection.
A scripting framework for standardizing and automating Windows live forensic artifact acquisition using common utilities.
A Python tool for offline detection of Windows persistence mechanisms in forensic collections like KAPE dumps or mounted disk images.
A live forensics tool for Linux that collects system artifacts and logs them to CSV files for compromise detection.
A command-line tool for parsing, searching, and analyzing Windows Registry hives with batch processing and forensic capabilities.
A unified console for digital forensics and incident response (DFIR) built on the Viper Framework.
A unified console for digital forensics and incident response built on the Viper Framework.
A PowerShell-based live response and forensic collection tool for targeted incident response on Windows systems.
A command-line utility for storing, tagging, and searching malware samples to help analysts manage their workflow.
A tool to quickly gather forensic artifacts from disk images or live systems into lightweight containers for digital forensic triage.
Extracts data from iTunes backup Manifest.plist files to generate hashes compatible with hashcat cracking modes 14700 and 14800.
A command-line tool for digital forensics that checks file MD5 hashes against the NSRL Reference Data Set to identify known software files.
A knowledge base documenting digital forensics artifacts to help investigators understand evidence sources and their forensic significance.
Extracts Windows Hello PIN hashes for offline cracking with Hashcat.
A Python utility for securely unpacking and staging suspicious files, designed for integration with malware analysis tools like Cuckoo Sandbox.
A set of Maltego transforms for VirusTotal Public API v2.0 with daily query caching to speed up resolutions.
A tool for fast detection of repackaged Android applications by comparing resource file digests from APK signatures.
A forensic tool for dumping memory from Android devices requiring root access.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.