Visualize network topologies and collect graph statistics based on pcap files
created at Jan. 21, 2015, 10:57 p.m.
DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.
created at May 6, 2015, 3:11 p.m.
ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.
created at May 24, 2016, 5:04 p.m.
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
created at April 29, 2011, 4:37 a.m.
C++ application that uses memory and code hooks to detect packers
created at April 15, 2015, 11:02 p.m.
A modular Python application to collect intelligence for malicious hosts.
created at Aug. 22, 2016, 8:25 p.m.
Web interface for the Volatility Memory Forensics Framework
created at April 14, 2015, 1:26 a.m.
DEPRECATED - USE v3 (bearded-avenger)
created at Jan. 6, 2014, 1:02 p.m.
Differential Analysis of Malware in Memory
created at Sept. 16, 2014, 5:32 p.m.
Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.
created at Jan. 16, 2013, 2:04 p.m.
Malware Analysis Tool using Function Level Fuzzy Hashing
created at Sept. 18, 2015, 5:55 p.m.
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
created at Oct. 5, 2013, 8:59 p.m.