yara_tools: Create YARA Rules In Python
Michael Matonis has written a library that helps security researchers create simple or complex YARA rules in Python. It’s called yara_tools; you can learn more about it here.
Alexis Brignoni has written a script for parsing all the logs in the /private/var/installd/Library/Logs/MobileInstalation/.log. As a result, you’ll get “a currently installed apps report, a uninstalled apps report and historical reports for both types per app.” You can learn more about this tool and download it here.
PA Toolkit is a collection of traffic analysis plugins that extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to a macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including: WiFi (WiFi network summary, detecting beacon and deauth floods, etc.), HTTP (listing all visited websites, downloaded files), HTTPS (Listing …
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world. You can read more about the tool and download it here.
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicly pasted data. For every paste it finds, it scans the raw contents against a series of YARA rules, looking for information that can be used by an organization or a researcher.
Forensic7z is a plugin for the 7-Zip archiver that can be used for opening and browsing disk images created by specialized software for forensic analysis, such as Encase or FTK Imager. At the moment, the Forensic7z plugin supports images in the following formats: ASR Expert Witness Compression Format (.S01); Encase Image File Format (.E01, .Ex01); Encase Logical Image File Format (.L01, …
The MantaRay Forensics team converted VirusShare.com 0-337 hash sets to RAW, EnCase and Autopsy format. The new set contains 31,908,993 MD5 notable hash values. The RAW hash set is compatible with AXIOM from Magnet Forensics. You can download refined hash sets here.
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory dumps.” It constructs the timeline based on the output of the following Volatility plugins: timeliner, mftparser, and shellbags. You can download the tool here.
Eric Zimmerman has released a new tool. This time it’s a Recycle Bin artifact parser called RBCmd. It supports both INFO2 and $I formats. You can download the tool here.
A new version of CAINE (Computer Aided INvestigative Environment) has been released. Version 10.0 includes new OSINT, Autopsy 4.9, is APFS ready, has a BTRFS forensic tool, and has NVMe SSD drivers ready. Learn more about the new version here.