Srum-dump is an open source tool by Mark Baggett, which creates an excel spreadsheet containing forensics artifacts contained the SRUM (System Resource Utilization Manager) database. The program can be run with no input and it will prompt you for each of the needed arguments. The program requires two inputs. The first is an SRUM database. The SRUM database is usually \Windows\system32\sru\SRUDB.dat. …
SSMA is a simple malware analyzer written in Python 3. The tool has the following features: Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.) Searches for possible domains, e-mail addresses, IP addresses in the strings of the file. Checks if domains are …
Harlan Carvey, the author of best selling Windows Forensic Analysis series, has published a post in his blog about tools he usually uses. You will learn about tools of his choice for memory forensics, carving, web-browsers forensics, Shadow Copies and Windows Event Logs.
bootcode_parser.py is a Python script designed to perform a quick offline analysis of the boot records used by BIOS based systems (UEFI is not supported). It is intended to help the analyst triaging individual boot record dumps or whole disk images. The latter is preferred since it allows the script to perform additional checks that would not be possible on …
Noriben is a Python-based script by Brian Baskin that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample’s activities. Noriben allows you to not only run malware similar to a sandbox, …
New versions of your favorite open source digital forensics tools – the Sleuth Kit and Autopsy, – have been released.
Radare is a libre framework and a set of tools to ease several tasks related to reverse engineering, exploiting, forensics, binary patching, .. this year, the project gets 10 year old.
EVTXtract is a digital forensics tool by Willi Ballenthin capable of recovering and reconstructing fragments of EVTX log files from raw binary data, including unallocated space and memory images.
ProcDOT is a malware analysis tool created by Christian Wojner.
Gransk is an open source tool by Petter Christian Bjelland that aims to be a Swiss army knife of document processing and analysis.
Login
