A modular Python application to pull intelligence about malicious files
created at Aug. 30, 2016, 5:35 p.m.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
created at Oct. 5, 2017, 11:44 p.m.
A Python DNS crawler to find identical domain names under different TLDs.
created at April 24, 2015, 10:18 a.m.
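The crawler above looks for the same registrable label under other TLDs. As an added example (not the project's code), the following Python sketch generates those candidates, resolves them, and flags the ones that share an address with the original domain. `TLDS` and the `FAKE_DNS` table are constructed for the example; the real `resolve` function uses the standard library's `socket.getaddrinfo`.

```python
import socket

# Constructed TLD list for the example; a real crawler would use the public suffix list.
TLDS = ("com", "net", "org", "info", "biz", "co", "io")

# Constructed offline answers (RFC 5737 documentation addresses) so the example runs without network.
FAKE_DNS = {
    "example.com": ["198.51.100.10"],
    "example.net": ["198.51.100.10"],   # same host as the original: probably the same owner
    "example.org": ["203.0.113.7"],     # different host: worth a closer look
}


def split_domain(domain):
    """Return (label, tld) for a registrable name such as 'example.com'."""
    label, _, tld = domain.strip(".").lower().rpartition(".")
    if not label or not tld:
        raise ValueError(f"not a registrable domain: {domain!r}")
    return label, tld


def candidates(domain, tlds=TLDS):
    """Same label under every other TLD in the list (the original TLD is skipped)."""
    label, tld = split_domain(domain)
    return [f"{label}.{t}" for t in tlds if t != tld]


def resolve(name):
    """IPv4 addresses for name, or [] when it does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def fake_resolve(name):
    """Offline stand-in for resolve() backed by the constructed FAKE_DNS table."""
    return FAKE_DNS.get(name, [])


def crawl(domain, tlds=TLDS, resolver=resolve):
    """Map each resolving sibling domain to its addresses and whether it shares a host with domain."""
    own = set(resolver(domain))
    results = {}
    for name in candidates(domain, tlds):
        addrs = resolver(name)
        if addrs:
            results[name] = {"addresses": addrs, "same_host": bool(own & set(addrs))}
    return results


if __name__ == "__main__":
    for name, info in crawl("example.com", resolver=fake_resolve).items():
        print(name, info)
```

Pass `resolver=resolve` (the default) to query real DNS; siblings that resolve but do not share a host are the typosquat and brand-abuse candidates worth triaging first.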
A forensic evidence collection & analysis toolkit for OS X
created at Aug. 4, 2014, 6:25 p.m.
OS X Auditor is a free Mac OS X computer forensics tool
created at June 19, 2013, 5:26 p.m.
VolatilityBot – An automated memory analyzer for malware samples and memory dumps
created at Feb. 4, 2015, 3:13 p.m.
An advanced memory forensics framework
created at April 24, 2014, 3:45 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM) which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes interaction between user-space and kernel-space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
created at Sept. 23, 2014, 4:23 p.m.
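A LiME capture is a sequence of physical memory ranges, each preceded by a 32-byte little-endian header (magic 0x4C694D45, version 1, inclusive start and end address, 8 reserved bytes). As an added example (not LiME's own code), the Python below builds a small constructed dump in that layout, walks its headers, and hashes each range so the acquisition can be verified before analysis. The `SAMPLE_RANGES` data is constructed for the example.

```python
import hashlib
import struct

# LiME range header: magic, version, s_addr, e_addr, reserved[8] (32 bytes, little-endian).
LIME_MAGIC = 0x4C694D45          # "LiME" read as a little-endian uint32
LIME_VERSION = 1
HEADER = struct.Struct("<IIQQ8s")

# Constructed sample ranges for the example: (physical start address, payload bytes).
SAMPLE_RANGES = [(0x1000, b"A" * 16), (0x200000, b"B" * 32)]


def build_lime_dump(ranges):
    """Serialize (start, payload) pairs into a LiME-format dump (e_addr is inclusive)."""
    out = bytearray()
    for start, payload in ranges:
        end = start + len(payload) - 1
        out += HEADER.pack(LIME_MAGIC, LIME_VERSION, start, end, b"\x00" * 8)
        out += payload
    return bytes(out)


def parse_lime_dump(data):
    """Walk the dump and return one record per range; raise ValueError on corruption."""
    ranges = []
    off = 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError(f"truncated header at file offset {off}")
        magic, version, s_addr, e_addr, _ = HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at file offset {off}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME version {version}")
        if e_addr < s_addr:
            raise ValueError(f"range end 0x{e_addr:x} precedes start 0x{s_addr:x}")
        size = e_addr - s_addr + 1
        off += HEADER.size
        payload = data[off:off + size]
        if len(payload) != size:
            raise ValueError(f"range at 0x{s_addr:x} truncated: {len(payload)} of {size} bytes")
        ranges.append({
            "start": s_addr,
            "end": e_addr,
            "size": size,
            "file_offset": off,
            "sha256": hashlib.sha256(payload).hexdigest(),
        })
        off += size
    return ranges


def verify_dump(data):
    """True when every header and range in the dump is intact, False otherwise."""
    try:
        parse_lime_dump(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for r in parse_lime_dump(build_lime_dump(SAMPLE_RANGES)):
        print(f"0x{r['start']:016x}-0x{r['end']:016x} {r['size']:>8} bytes sha256={r['sha256'][:16]}...")
```

Run `parse_lime_dump` over a real capture (read the file in binary mode) to list the physical ranges LiME recorded; a `ValueError` or a `verify_dump` of `False` means the capture was cut short or corrupted in transit and should be re-acquired rather than handed to Volatility.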
inVtero.net: a high-speed (Gbps) memory forensics, integrity and assurance toolkit. Includes offensive and defensive memory capabilities. Finds and extracts processes and hypervisors (including nested ones) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques.
created at April 29, 2011, 4:37 a.m.
Web interface for the Volatility Memory Forensics Framework
created at April 14, 2015, 1:26 a.m.
CLI utility and Python module for analyzing log files and other data.
created at Feb. 19, 2017, 8:31 p.m.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
created at March 24, 2015, 8:15 p.m.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
created at Aug. 2, 2016, 9:01 p.m.
This is the development tree. Production downloads are at:
created at April 3, 2012, 4:36 a.m.
Adversary tradecraft detection, protection, and hunting
created at March 25, 2016, 11:28 a.m.