Search Results for "forensics"
Sort By:
Showing 140 open source projects for "forensics"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
InEight is a leader in construction project controls softwareMinimize risks, gain operational efficiency, control project costs, and make confident, informed decisions. InEight software has your back during every stage of construction, from accurate pre-planning to predictable execution and completion. When project teams collaborate effectively, every decision is backed by precise, authoritative insights.
-
1
Autopsy
Autopsy® is a digital forensics platform and graphical interface
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Autopsy was designed to be intuitive out of the box. Installation is easy and wizards guide you through every step. -
2
Volatility
An advanced memory forensics framework
...It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows. -
3
Digital Forensics Guide
Learn all about Digital Forensics and Computer Forensics
The Digital Forensics Guide repository is a comprehensive, structured reference for investigators, analysts, students, and cybersecurity professionals interested in digital forensics principles, tools, methodologies, and workflows. It organizes foundational topics such as evidence acquisition, disk and memory analysis, file system structures, network forensics, artifact extraction, timeline generation, and reporting into digestible modules that help build core competency. ... -
4
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
...Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs in a Docker-first environment, providing a secure, reproducible setup with built-in tooling and session persistence. It offers real-time feedback and live walkthroughs, allowing users to observe each step of the testing process as it unfolds. Built with a modular and extensible architecture, PentestGPT supports cloud and local LLMs, making it suitable for research, education, and authorized security testing. -
Peer to Peer Recognition Brings Teams TogetherCreate a positive and energetic workplace environment with Motivosity, an innovative employee recognition and engagement platform. With Motivosity, employees can give each other small monetary bonuses for doing great things, promoting trust, collaboration, and appreciation in the workplace. The software solution comes with features such as an open-currency open-reward system, insights and analytics, dynamic organization chart, award programs, milestones, and more.
-
5
Ghidra
Ghidra is a software reverse engineering (SRE) framework
...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
6
Prowler
An open source security tool to perform AWS security assessment
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others. +200 checks covering security best practices across all AWS regions and most AWS services. ... -
7
GRR
GRR Rapid Response, remote live forensics for incident response
GRR Rapid Response is an incident response framework focused on remote live forensics. It consists of a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR client is deployed on systems that one might want to investigate. -
8
Google CTF
Google CTF
Google CTF is the public repository that houses most of the challenges from Google’s Capture-the-Flag competitions since 2017 and the infrastructure used to run them. It’s a learning and practice archive: competitors and educators can replay tasks across categories like pwn, reversing, crypto, web, sandboxing, and forensics. The code and binaries intentionally contain vulnerabilities—by design—so users can explore exploit chains and patching in realistic settings. The repo also includes infrastructure components and links to a scoreboard implementation, giving organizers reference material for hosting their own events. As a living archive, it documents changes in exploitation trends and defensive techniques year over year. ... -
9
Tracee
Linux Runtime Security and Forensics using eBPF
Tracee is a runtime security and observability tool that helps you understand how your system and applications behave. It is using eBPF technology to tap into your system and expose that information as events that you can consume. Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns. -
Track time for payroll, billing and productivityBecause time is money, and we understand how challenging it can be to keep track of employee hours. The constant reminder to log timesheets so your business can increase billables, run an accurate payroll and remove the guesswork from project estimates – we get it.
-
10
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS
Detect It Easy (DiE) is a tool for determining the type and internal features of binary and other file formats. It is widely used by malware analysts, digital forensics investigators, reverse engineers, and security researchers to quickly inspect unknown files and infer their type, architecture, compiler/packer used, and internal structure. DiE supports a large variety of file formats — from common executables (Windows PE, Linux ELF, macOS Mach-O) to archives, mobile packages (APK, IPA), legacy binaries, compressed or packed files, and more — making it a versatile first step in analysis or triage workflows. ... -
11
FLARE VM
A collection of software installations scripts for Windows systems
FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather than setup. Updates and modular installation let users include only the tools that match their workflow, keeping the VM lean and current. ... -
12
ExifTool
ExifTool meta information reader/writer
ExifTool is a battle-tested Perl application for reading, writing, and batch-editing metadata in thousands of file types—images, videos, audio, documents, and more. It understands major standards like EXIF, IPTC, and XMP as well as an enormous range of camera maker notes and container formats (for example, QuickTime/MP4, PDF, TIFF). Typical workflows include extracting metadata to JSON/CSV/XML, renaming files from timestamps or tags, shifting capture times, copying tags between files, and... -
13
Radare2
UNIX-like reverse engineering framework and command-line toolset
A free/libre toolchain for easing several low-level tasks like forensics, software reverse engineering, exploiting, and debugging. It is composed by a bunch of libraries (which are extended with plugins) and programs that can be automated with almost any programming language. It is recommended to install it from git, alternatively, you can pick the last release (every 6 weeks) from Github. Batch, Commandline, visual, and panels interactive modes. -
14
Mobile Verification Toolkit
Helps with conducting forensics of mobile devices
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence. MVT is a forensic research tool intended for technologists and investigators. Using it requires... -
15
Sherloq
An open source digital image forensic toolset
Sherloq is a research-oriented toolkit designed for digital image forensics, providing an integrated environment to experiment with algorithms for image analysis and tampering detection. Rather than functioning as an automated decision-making system, it serves as a companion tool for researchers, enthusiasts, and students who want to explore forensic techniques from scientific literature and workshops. -
16
X-Ways Forensics X-Tension API
Code and binaries for creating plugins for X-Ways Forensics
...While C/C++ burdens the programmer with keeping track of what data needs to be released when, both Python and C# handle this task for the programmer. Links: X-Ways Forensics product site: https://www.x-ways.net/forensics/index-m.html X-Ways Forensics API reference: https://www.x-ways.net/forensics/x-tensions/api.html C++ sample project: -
17
Infosec Reference
An Information Security Reference That Doesn't Suck
Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. Because security spans... -
18
Live-Forensicator
A suite of Tools to aid Incidence Response and Live Forensics
Live-Forensicator is a toolkit intended for live forensic collection and initial triage on Windows machines. It automates the capture of volatile information—running processes, network connections, loaded drivers, account sessions, and in-memory artifacts—into a consistent artifact set that investigators can analyze offline. The tool tries to be non-invasive while collecting sensitive data quickly and logs the collection steps to preserve chain-of-custody details and to help auditors... -
19
WIN-FOR
A Windows Forensics VM Builder
-
20
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
">
-
21
-
22
...Alerts are viewed and summarized in different ways, filtered, and documented until ideally no alerts remain. At any time, filters can be suppressed so that all collected alerts can be analyzed for patterns, forensics, etc. Filters can also be used to hide noisy alerts without deleting them or suppressing them at the IDS. An effective strategy for dealing with noisy alerts can be achieved by combining alert thresholding at the IDS and filtering in SNEZ. SNORT® is a registered trademark of Sourcefire, Inc. All rights reserved.
-
23
-
24
key-elf
Forensic tool to recover lost BTC private keys.
A powerful utility to hunt down Bitcoin private keys from deleted wallet.dat files or damaged hard drives. If you accidentally deleted your Bitcoin Core wallet or formatted your disk, this tool can help. It bypasses the file system and scans the raw data directly, looking for the unique "fingerprint" (ASN.1 signature) of Bitcoin private keys to recover them from the digital wreckage.The Graphical User Interface (GUI) is the advanced/premium version. If needed, please visit:...">
-
25
Linux Engineer Toolkit Live
Portable Linux engineer toolkit for recovery, repair & data rescue
Linux Engineer Toolkit (LengToolkit) Live is a specialized, recovery-oriented Linux distribution designed for system engineers and IT professionals. Operating exclusively in Live mode, it provides a robust environment to rescue failing systems, recover lost data, and manage disk infrastructures without the need for installation.