GRR Rapid Response is an incident response framework focused on remote live forensics.
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel.
The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools.
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.
The Volatility Framework is a completely open collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.
rdd is a forensic copy program developed at and used by the Netherlands Forensic Institute (NFI). rdd is a file and device copying utility.
The forensic imager contained in this package, guymager, was designed to support different image file formats, to be as user-friendly as possible and to run fast.
Suricata is a threat detection engine, combining intrusion detection, intrusion prevention, network security monitoring and PCAP processing.
Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language.
Zeek (formerly known as Bro) is a powerful free and open source framework for network traffic analysis and security monitoring.
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists.
Hostsblock is a POSIX-compatible script for Linux designed to take advantage of the HOSTS file to block malware.
libredefender is an antivirus program. Scanning is implemented with libclamav.
Unhide is a forensic tool for finding processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques.
phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files.
Linux Malware Detect (LMD) is a malware scanner that is designed around the threats faced in shared hosted environments.
ClamTk is a frontend for ClamAV (Clam Antivirus).
YARA is a free and open source tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.
Clam AntiVirus is a free and open source anti-virus toolkit, designed especially for e-mail scanning on mail gateways.
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display that packet data in as much detail as possible.