The Volatility Foundation is an independent 501(c) (3) non-profit organization that maintains and promotes The Volatility memory forensics framework.
DFIQ is a collection of Digital Forensics Investigative Questions and the approaches to answering them. The goal of the project is to build a comprehensive catalog of investigative knowledge to help drive consistent, thorough, and explainable investigations.
The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . APT-Hunter use pre-defined detection rules and focus on statistics to uncover abnormalities which is very effective in compromise assessment . the output produced with timeline that can be analyzed directly from Excel , Timeline Explorer , Timesketch , etc...
Volatile memory extraction utility framework - An advanced memory forensics framework.
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the
system being investigated but offer visibilty into the runtime state of the system.
A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.
If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system.
Forensic framework for Skype