Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world. You can read more about the tool and download it here.
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicliy pasted data. For all the pastes it finds it scans the raw contents against a series of yara rules looking for information that can be used by an organization or a researcher.
Forensic7z is a plugin for 7-Zip archiver that can be used for opening and browsing disk images created by specialized software for forensic analysis, such as Encase or FTK Imager. At the moment, the Forensic7z plugin supports images in the following formats: ASR Expert Witness Compression Format (.S01) Encase Image File Format (.E01, .Ex01) Encase Logical Image File Format (.L01, …
MantaRay Forensics team converted VirusShare.com 0-337 hash sets to RAW, EnCase and Autopsy format. The new set contains 31,908,993 MD5 notable hash values. The RAW hash set is compatible with AXIOM from Magnet Forensics. You can download refined hash sets here.
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory dumps.” It constructs the timeline based on the output of the following Volatility plugins: timeliner, mftparser, and shellbags. You can download the tool here.
Eric Zimmerman has released a new tool. This time it’s Recycle Bin artifact parser called RBCmd. It supports both INFO2 and $I formats. You can download the tool here.
A new version of CAINE (Computer Aided INvestigative Environment) has been released. Version 10.0 includes new OSINT, Autopsy 4.9, it’s APFS ready, has BTRFS foresic tool, NVME SSD drivers ready. Learn more about the new version here.
Sarah Edwards presented a new tool called APOLLO or Apple Pattern of Life Lazy Output’er. The tool was presented at Objective by the Sea – Mac Security Conference. You can find the slides here, and download the tool for testing (it’s in beta now!) here.
Arsenalâs Brian Gerdon presented Backstage Parser – a python tool that can be used to parse the contents of Microsoft Office files found in the â\Users(User)\AppData\Local\Microsoft\Office\16.0\BackstageinAppNavCacheâ path. Learn more about the tool at Arsenal’s GitHub.
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn more about the tool at GitHub.
Login
