Packet-o-matic NG or pom-ng is a real time network forensic tool. It parses network traffic into events and payloads which can then be logged, saved or anything else you might imagine. Learn more about it here.
FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knownledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework. Instead of developing several scripts for different tasks related to malware analysis, develop FAME modules that will be able …
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unifiedrepository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don’t have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely …
The stable version of a light version of DEFT Linux specifically designed to the forensic acquisition of the digital evidence, DEFT Zero, is available for downloading. Now it has support to NVMExpress memories, eMMC memories and UEFI.
Shujian Yang has written a tool called btrForensics, which can be used for performing Btrfs forensic analysis. Currently the tool has the following capability: Browse nodes derived from root tree and print information. Browse nodes in filesystem tree and print information. List all files in default filesystem tree. Explore files and subdirectories in default root directory. Switch to a subvolume or snapshot …
The new version of Google Chrome forensics tool –Â Hindsight, – is released. Here are the main new features: Cross-platform web UI Easier installation on all OSes â now just do pip install pyhindsight Ability to parse multiple Chrome caches Portable EXEs for GUI and cmdline versions Hindsight is a free tool for analyzing web artifacts. It started with the browsing …
Mari DeGrazia has written “a little program to help automate the process of checking a list of IP addresses against Tor Relays and Bridges”. You can learn more about Onion Peeler in this post, and download it from her GitHub.
BTG is a tool by Lancelot Bogard Robin Marsollier, which allows you to qualify one or more potential malicious markers of different type (URL, MD5, SHA1, SHA256, SHA512, IPv4, IPv6, domain, etc). You can run this tool with a GNU/Linux environment. The Windows compatibility is currently working in BETA version. Learn more about the tool at GitHub.
Malboxes by GoSecure will build malware analysis Windows VMs for you so that you don’t have to. To learn more about the installation process, both for Windows and Unix/Linux, and how to create boxes, check project’s GitHub page.
Mark McKinnon has written a very useful module, which helps you to run plaso against your image that you have in Autopsy or import a plaso storage file into Autopsy. Check Mark’s Medium to learn more about it.
Login
