If you prefer to use different platforms for malware analysis and forensics, here is a good fresh tool for you – PPEE or Professional PE Explorer (also known as puppy). You can run it on Windows, macOS or Linux, and perform your analysis without any problems. For more information and download links check this post.
PsychoHasher is a Java based open source tool for generating and verifying hashes for text, files, combined digest for multiple files. It’s a program which can compute the following hashes: MD5, SHA1, SHA-224, SHA-256, SHA-384, and SHA-512. You can learn more about the tool and download it here. Here is a video presentation:
evtkit is a Python tool, which can help a computer forensic examiner to fix acquired Windows Event Log files. It’s lightweight, has no external dependencies and available for free at yarox24’s GitHub.
Packet-o-matic NG or pom-ng is a real time network forensic tool. It parses network traffic into events and payloads which can then be logged, saved or anything else you might imagine. Learn more about it here.
FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knownledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework. Instead of developing several scripts for different tasks related to malware analysis, develop FAME modules that will be able …
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unifiedrepository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don’t have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely …
The stable version of a light version of DEFT Linux specifically designed to the forensic acquisition of the digital evidence, DEFT Zero, is available for downloading. Now it has support to NVMExpress memories, eMMC memories and UEFI.
Shujian Yang has written a tool called btrForensics, which can be used for performing Btrfs forensic analysis. Currently the tool has the following capability: Browse nodes derived from root tree and print information. Browse nodes in filesystem tree and print information. List all files in default filesystem tree. Explore files and subdirectories in default root directory. Switch to a subvolume or snapshot …
The new version of Google Chrome forensics tool –Â Hindsight, – is released. Here are the main new features: Cross-platform web UI Easier installation on all OSes â now just do pip install pyhindsight Ability to parse multiple Chrome caches Portable EXEs for GUI and cmdline versions Hindsight is a free tool for analyzing web artifacts. It started with the browsing …
Mari DeGrazia has written “a little program to help automate the process of checking a list of IP addresses against Tor Relays and Bridges”. You can learn more about Onion Peeler in this post, and download it from her GitHub.
Login
