61 matches found
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...
Volatility Workbench - A GUI For Volatility Memory Forensics
Volatility Workbench is a graphical user interface GUI for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the...
CIRTKit - Tools For The Computer Incident Response Team
One DFIR console to rule them all. Built on top of theViper Framework Documentation Please see the wiki for more information about CIRTKit and documentation Roadmap Future integrations Bit9 Palo Alto Networks EnCase/FTK Future modules Packet Analysis possibly Dshell Javascript...
Query Windows Machine for RAM Artifacts: memtriage
Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...
Linux Screenshot XWindows - Volatility Plugin To Extract X Screenshots From A Memory Dump
The goal of this volatility plugin is to extract a screenshot of all open X windows from a memory dump. Overview The plugin first dumps the X server memory mappings. These mappings are then given in input to a C program loader, along with the output of Adam's plugin. This C program mmaps with the...
Someone Stole Almost Half a BILLION Dollars from Japanese Cryptocurrency Exchange
Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets nearly $420 million in NEM tokens and $112 in Ripples. In 2014, Mt Gox, one of the largest bitcoin exchange at that time,...
Talos Wins The 5th Volatility Plugin Contest With Pyrebox
Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source framework designed to analyze operating system memory. The framework has existed since 2007. For the previous 5 years they have run a plugin contest to find the most innovative, interestin...
LiMEaide - Tool to remotely dump RAM of a Linux client
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...
Remotely Dump Linux RAM: LiMEaide
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...
Automated Privilege Escalation: portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus of jumping spider that feeds on other spiders – known for their...
Bitcoin Price Jumps Above $1150 — Highest in last 3 Years
What a good start of the New Year for those holding Bitcoins! Web-based digital currency Bitcoin has passed $1,110 for the first time on the Bitstamp Price Index BPI since early November 2013. Bitcoin broke the barrier on 1 January and now is trading above $1,150 mark at the time of writing,...
ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data
ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script e.g. , prefetch files. It is intended for incident response use a...
Windows Forensic Data Collection: IR-rescue
Windows Forensic Data Collection ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...
Analyzing Linux Malware Sandbox: Limon
Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution post-mortem analysis by...
Android Pentesting Portable Integrated Environment: Appie
Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...
YaVol - GUI for Volatility Framework and Yara
This is just another GUI for volatility and yara which could make someone's life easier. It is inteded for Incident responders for quick examination of a memory image. Results are stored in sqlite db for reuse. 1. Installation Clone repo git clone https://[email protected]/Ft44k/yavol.git...
DAMM - Differential Analysis of Malware in Memory
An open source memory analysis tool built on top of Volatility. It is meant as a proving ground for interesting new techniques to be made available to the community. These techniques are an attempt to speed up the investigation process through data reduction and codifying some expert knowledge...
CAINE 6.0 "Dark Matter" - Distribution with a complete forensic environment
CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a project of Digital Forensics. Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software...
Smart Pentester - An SSH based Penetration Testing Framework
Smart Pentester is an SSH based Penetration Testing Framework. It provides a GUI for well known tools like nmap, hping, tcpdump, volatility, hydra and etc. Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence,...
[Volatility v2.3] The advanced memory forensics framework (Support of OSX)
The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory RAM samples. The extraction techniques are performed completely independent of the system being investigated...