Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux
usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts, aka USB event history ("Connected" and "Disconnected" events), on Linux machines. Description: usbrip is a small piece of software written in pure...
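The USB event history usbrip reconstructs comes from the kernel's USB core messages in syslog/kern.log. The script below is an added example written for this listing, not usbrip's own code: it parses constructed sample log lines (the message formats "new ... USB device number N", "New USB device found, idVendor=..., idProduct=...", the Manufacturer/Product/SerialNumber descriptor lines and "USB disconnect, device number N"), correlates them by bus port into connect/disconnect events, and flags devices that never reported a serial number or are still attached. The timestamp layout and hostname field assume the classic syslog line format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample kern.log/syslog lines (not a real capture). The message
# bodies follow what the Linux USB core prints on attach and detach.
SAMPLE_LOG = """\
Aug 14 10:05:12 lab kernel: [  123.456789] usb 1-1: new high-speed USB device number 2 using xhci_hcd
Aug 14 10:05:12 lab kernel: [  123.601234] usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Aug 14 10:05:12 lab kernel: [  123.601300] usb 1-1: Product: Ultra Fit
Aug 14 10:05:12 lab kernel: [  123.601350] usb 1-1: Manufacturer: SanDisk
Aug 14 10:05:12 lab kernel: [  123.601400] usb 1-1: SerialNumber: 4C530001234567890123
Aug 14 10:05:40 lab kernel: [  151.002000] usb 2-3: new full-speed USB device number 5 using xhci_hcd
Aug 14 10:05:40 lab kernel: [  151.120000] usb 2-3: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
Aug 14 10:05:40 lab kernel: [  151.120100] usb 2-3: Product: USB Receiver
Aug 14 10:05:40 lab kernel: [  151.120200] usb 2-3: Manufacturer: Logitech
Aug 14 10:09:03 lab kernel: [  354.770000] usb 1-1: USB disconnect, device number 2
"""

# Assumed classic syslog layout: "<Mon dd HH:MM:SS> <host> kernel: [uptime] usb <port>: <msg>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*[\d.]+\] )?usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
NEW_RE = re.compile(r"^new .*USB device number (?P<num>\d+)")
FOUND_RE = re.compile(r"^New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
DISC_RE = re.compile(r"^USB disconnect, device number (?P<num>\d+)")


@dataclass
class UsbEvent:
    port: str                     # bus port path, e.g. "1-1"
    device_number: int            # per-bus enumeration number
    connected: str
    disconnected: Optional[str] = None
    vid: Optional[str] = None
    pid: Optional[str] = None
    manufacturer: Optional[str] = None
    product: Optional[str] = None
    serial: Optional[str] = None


def parse_usb_events(log_text: str) -> List[UsbEvent]:
    """Reconstruct per-device connect/disconnect history from kernel log lines."""
    events: List[UsbEvent] = []
    open_by_port: Dict[str, UsbEvent] = {}   # devices currently attached, keyed by port
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, port, msg = m.group("ts"), m.group("port"), m.group("msg")
        n = NEW_RE.match(msg)
        if n:
            # A fresh enumeration on a port starts a new event; an earlier event on the
            # same port whose disconnect was never logged simply stays open.
            ev = UsbEvent(port=port, device_number=int(n.group("num")), connected=ts)
            open_by_port[port] = ev
            events.append(ev)
            continue
        ev = open_by_port.get(port)
        if ev is None:
            continue                          # descriptor lines for an attach we never saw
        f = FOUND_RE.match(msg)
        d = DISC_RE.match(msg)
        if f:
            ev.vid, ev.pid = f.group("vid"), f.group("pid")
        elif msg.startswith("Manufacturer: "):
            ev.manufacturer = msg[len("Manufacturer: "):]
        elif msg.startswith("Product: "):
            ev.product = msg[len("Product: "):]
        elif msg.startswith("SerialNumber: "):
            ev.serial = msg[len("SerialNumber: "):]
        elif d and int(d.group("num")) == ev.device_number:
            ev.disconnected = ts
            del open_by_port[port]
    return events


def still_connected(events: List[UsbEvent]) -> List[UsbEvent]:
    """Devices with no matching disconnect: attached at log end, or the log was cut."""
    return [e for e in events if e.disconnected is None]


def format_history(events: List[UsbEvent]) -> List[str]:
    """One row per event, a minimal usbrip-style history table."""
    rows = []
    for e in events:
        ident = f"{e.vid or '????'}:{e.pid or '????'}"
        name = " ".join(x for x in (e.manufacturer, e.product) if x) or "(no descriptor strings)"
        gone = e.disconnected or "(still connected)"
        rows.append(f"{e.connected}  {gone:<18} {e.port:<6} {ident}  {name}  serial={e.serial or '-'}")
    return rows


if __name__ == "__main__":
    for row in format_history(parse_usb_events(SAMPLE_LOG)):
        print(row)
```

The missing serial on the second device is worth noticing in practice: mass-storage devices normally expose one, and a device that does not (or reports a generic one) cannot be tied to a specific physical stick by this log alone.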
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...
Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a publicly disclosed vulnerability in Apache Tika (CVE-2018-17197)
Summary Open source Apache Tika as used in IBM QRadar Incident Forensics is vulnerable to denial of service. Vulnerability Details CVEID: CVE-2018-17197 Description: Apache Tika is vulnerable to a denial of service, caused by an error in the SQLite3Parser. By using a specially-crafted file, a...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796)
Summary: Open source Apache Tika as used in IBM QRadar Incident Forensics is affected by multiple vulnerabilities. Vulnerability Details CVEID: CVE-2018-11761 Description: Apache Tika is vulnerable to a denial of service, caused by the failure to configure XML parsers to limit entity expansion. A...
Rifiuti2 - Windows Recycle Bin Analyser
Rifiuti2 is a tool for analyzing the Windows Recycle Bin INFO2 file. Analysis of the Windows Recycle Bin is usually carried out during Windows computer forensics. Rifiuti2 can extract the file deletion time, original path and size of deleted files, and whether the trashed files have been permanently removed. For...
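To show what an INFO2 analysis actually extracts, here is an added example parser, not Rifiuti2's own code. It assumes the commonly documented Windows 2000/XP layout: a 20-byte header whose fourth dword is the record size, then fixed-size records holding a 260-byte ANSI copy of the original path, the record index, the drive number, the deletion time as a FILETIME, the physical size, and (in 800-byte records) a 520-byte UTF-16LE copy of the path. It also assumes that Windows zeroes the first byte of the ANSI path once the file has been purged from the bin, which is how the "permanently removed" flag is derived. The sample INFO2 bytes are constructed in the script itself, and the builder helpers exist only to fabricate that input.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Assumed INFO2 layout (Windows 2000/XP/2003); offsets are the commonly documented ones.
HEADER_LEN = 20          # version (4) | unknown (4) | unknown (4) | record size (4) | running total (4)
ANSI_LEN = 260           # original path, ANSI; first byte zeroed once the file is purged
FIXED_LEN = 20           # index (4) | drive number (4) | deletion FILETIME (8) | size (4)
UNICODE_OFF = ANSI_LEN + FIXED_LEN   # 280: UTF-16LE path, 520 bytes, only in 800-byte records
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt: datetime) -> int:
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def build_record(path: str, index: int, deleted: datetime, size: int, purged: bool) -> bytes:
    """Fabricate one 800-byte record (sample-input helper only)."""
    drive = ord(path[0].upper()) - ord("A")            # 0 = A:, 2 = C:, ...
    ansi = bytearray(path.encode("cp1252").ljust(ANSI_LEN, b"\0"))
    if purged:
        ansi[0] = 0                                     # assumed marker for "emptied from bin"
    unicode_path = path.encode("utf-16-le").ljust(520, b"\0")
    fixed = struct.pack("<IIQI", index, drive, dt_to_filetime(deleted), size)
    return bytes(ansi) + fixed + unicode_path


def build_info2(records: List[bytes], record_size: int = 800) -> bytes:
    body = b"".join(records)
    return struct.pack("<IIIII", 5, 0, 0, record_size, len(body)) + body


def parse_info2(data: bytes) -> List[Dict]:
    """Return one dict per recycle-bin record: path, drive, index, deleted, size, purged."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated INFO2 header")
    version, _, _, rec_size, _ = struct.unpack("<IIIII", data[:HEADER_LEN])
    if rec_size not in (280, 800):                      # 280 = Win9x, 800 = Win2000/XP
        raise ValueError(f"unexpected INFO2 record size {rec_size} (version {version})")
    records = []
    for off in range(HEADER_LEN, len(data) - rec_size + 1, rec_size):
        rec = data[off:off + rec_size]
        ansi = rec[:ANSI_LEN]
        index, drive, ft, size = struct.unpack("<IIQI", rec[ANSI_LEN:UNICODE_OFF])
        purged = ansi[0] == 0
        if rec_size == 800:
            path = rec[UNICODE_OFF:].decode("utf-16-le", "replace").split("\0", 1)[0]
        else:
            # Only the ANSI copy exists; rebuild the (possibly zeroed) drive letter from the drive number.
            tail = ansi[1:].split(b"\0", 1)[0].decode("cp1252", "replace")
            path = chr(ord("A") + drive) + tail
        records.append({
            "index": index,
            "drive": chr(ord("A") + drive),
            "path": path,
            "deleted": filetime_to_dt(ft),
            "size": size,
            "purged": purged,
        })
    return records


# Constructed sample INFO2 file: one file still in the bin, one already purged.
SAMPLE_INFO2 = build_info2([
    build_record(r"C:\Users\alice\Documents\secret.docx", 1,
                 datetime(2019, 7, 1, 9, 30, tzinfo=timezone.utc), 12345, purged=False),
    build_record(r"D:\backup\old.zip", 2,
                 datetime(2019, 7, 2, 18, 0, 5, tzinfo=timezone.utc), 7340032, purged=True),
])

if __name__ == "__main__":
    for r in parse_info2(SAMPLE_INFO2):
        state = "purged" if r["purged"] else "in bin"
        print(f"{r['deleted'].isoformat()}  {r['size']:>10}  {state:<7} {r['path']}")
```

On a real image the INFO2 file sits under the per-user folder of the Recycler directory, and the running total in the header is not a reliable record count, so the parser walks the file by record size instead of trusting it.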
MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
MIG is Mozilla's platform for investigative surgery of remote endpoints. Quick Start w/ Docker You can spin up a local-only MIG setup using docker. The container is not suitable for production use but lets you experiment with MIG quickly, providing a single container environment that has most of...
Cellebrite Claims It Can Unlock Any iPhone
The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know...
RedGhost - Linux Post Exploitation Framework Designed To Gain Persistence And Reconnaissance And Leave No Trace
A Linux post-exploitation framework designed to assist red teams in gaining persistence, performing reconnaissance and leaving no trace. Payloads: function to generate various encoded reverse shells in netcat, bash, python, php, ruby and perl. Crontab: function to create a cron job that downloads and runs the payload eve...
Sliver - Implant Framework
Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...
Cellebrite claims its new tool unlocks almost any iOS or Android device
By Waqas. Cellebrite is the same company that helped the FBI unlock the iPhone of the San Bernardino shooter. The renowned law enforcement contractor, the Israel-based forensics firm Cellebrite, has claimed that it has developed a perfect tool to hack almost every high-end Android and iOS device,...
PcapXray v2.5 - A Network Forensics Tool To Visualize A Packet Capture Offline As A Network Diagram
PcapXray is a network forensics tool to visualize a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction. PcapXray Design Specification Goal: Given a pcap file, plot a network diagram displaying hosts in the network,...
OSINT-Search - Useful For Digital Forensics Investigations Or Initial Black-Box Pentest Footprinting
OSINT-Search is a useful tool for digital forensics investigations or initial black-box pentest footprinting. OSINT-Search Description: a Python script that applies OSINT techniques by searching public data using email addresses, phone numbers, domains, IP addresses or URLs. Create an account at...
How Not to Acknowledge a Data Breach
I'm not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it's crystal clear they wouldn't know what to do with a data breach if...
Hey Secret Service: Don't Plug Suspect USB Sticks into Random Computers
I just noticed this bit from the incredibly weird story of the Chinese woman arrested at Mar-a-Lago: Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang's thumb drive into his computer, it...
Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or...
Driver Privilege Escalation Vulnerability Analysis - Vulnerability Warning - The Black Bar Safety Net
1. Foreword. As Microsoft keeps hardening core security and raising the difficulty of exploiting native kernel components, third-party kernel drivers are gradually becoming attackers' preferred target and the focus of security analysts' research. Signed third-party driver...
Turbinia - Automation And Scaling Of Digital Forensics Tools
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads. It is intended to automate the running of common forensic processing tools (e.g. Plaso, TSK, strings, etc.) to help with processing evidence in the Cloud, scaling the processing of large amounts of...
Imago Forensics - Imago Is A Python Tool That Extract Digital Evidences From Images
Imago is a Python tool that extracts digital evidence from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidence and you have a lot of images, this tool lets you compare them easily. Imago allows you to extract...
Forensics and the Internet of Things (IoT)
Today, the Internet of Things (IoT) means that billions of devices are connected to the Internet. People and organizations are connecting devices ever more frequently for automation, simplification, and the feature advantages the IoT delivers. Items such as smoke detectors, glasses, watches,...