Skip to content

7h4nd5RG0d/Forensics

BranchesTags

Repository files navigation

Forensics

Forensics in a nutshell

Networking CTF Writeups -->

https://github.com/7h4nd5RG0d/Forensics/tree/main/Networking

Steganography CTF writeups -->

https://github.com/7h4nd5RG0d/Forensics/tree/main/Steganography

Memory CTF Writeups -->

https://github.com/7h4nd5RG0d/Forensics/tree/main/Memory

RF CTF Writeups -->

https://github.com/7h4nd5RG0d/Forensics/tree/main/RF

TOOLS:

  1. Wireshark/tshark(KALI)
  2. piet estoric language decoder --> https://www.bertnase.de/npiet/
  3. Network Miner --> https://www.netresec.com/?page=NetworkMiner
  4. PDFstreamdumper --> http://sandsprite.com/blogs/index.php?uid=7&pid=57
  5. HxD
  6. qpdf(KALI) -->https://github.com/qpdf/qpdf
  7. Autopsy
  8. FTK imager
  9. Firefox Password --> https://github.com/lclevy/firepwd
  10. Python installer retreiveal from EXE --> https://github.com/extremecoders-re/pyinstxtractor
  11. Python decompiler --> https://github.com/rocky/python-uncompyle6
  12. Silenteye --> https://achorein.github.io/silenteye/download/?i2
  13. Chainsaw --> https://github.com/WithSecureLabs/chainsaw
  14. Windows Defender Quarantine Decryptor --> https://github.com/zam89/Windows-Defender-Quarantine-File-Decryptor
  15. Code decompiler(C# for malware analysis) --> https://github.com/icsharpcode/AvaloniaILSpy/releases
  16. .evtx to JSON for better parsing --> https://github.com/omerbenamram/evtx/releases
  17. MFT parser --> https://aboutdfir.com/toolsandartifacts/windows/mft-explorer-mftecmd/2/
  18. 7-zip File Manager
  19. pffexport(KALI) --> https://www.venea.net/man/pffexport(1)
  20. regripper(KALI) --> https://github.com/keydet89/RegRipper4.0
  21. Amcache Parser --> https://f001.backblazeb2.com/file/EricZimmermanTools/AmcacheParser.zip
  22. Registry Explorer --> https://www.sans.org/tools/registry-explorer/
  23. MFTecmd --> https://www.sans.org/tools/mftecmd/
  24. NTFS log tracker -->https://sites.google.com/site/forensicnote/ntfs-log-tracker
  25. SQlite db browser
  26. Acropalypse( CVE of cropping images) --> https://github.com/frankthetank-music/Acropalypse-Multi-Tool
  27. Analyzing .DMP files(Mimikatz in python) --> https://github.com/skelsec/pypykatz
  28. Mozilla forensic tool --> https://github.com/Busindre/dumpzilla
  29. Prefetch Explorer --> https://github.com/EricZimmerman/PECmd?tab=readme-ov-file
  30. Prefetch cmdline --> https://github.com/dfir-scripts/prefetchruncounts (for pyscca --> https://pypi.org/project/libscca-python/#files)
  31. Shellbag Explorer --> https://ericzimmerman.github.io/#!index.md
  32. Jumplist explorer --> https://ericzimmerman.github.io/#!index.md
  33. Windbg --> http://www.windbg.org/
  34. Keepass Dumper(CVE-2023-32784) --> https://github.com/vdohney/keepass-password-dumper
  35. gittools --> https://github.com/internetwache/GitTools
  36. minecraft chunks/maps --> https://www.spigotmc.org/resources/chunky.81534/
  37. twitter secret messages --> https://holloway.nz/steg/
  38. impacket (dumping secrets from NTDS,SYSTEM,SECURITY,SOFTWARE) --> https://github.com/fortra/impacket#quick-start
  39. inspectrum --> https://github.com/miek/inspectrum
  40. gnuradio --> https://wiki.gnuradio.org/index.php/WindowsInstall
  41. gqrx --> https://www.gqrx.dk/download
  42. Sonic Visualizer
  43. Audacity
  44. fontforge --> https://fontforge.org/en-US/downloads/windows/
  45. Fonts debugging using otf2fea --> pip install fontFeatures
  46. .NET disassmblt -> Andriod studio dotpeek
  47. RDP Bitmap Cacher -> https://github.com/ANSSI-FR/bmc-tools/
  48. eaphammer(WIFI) -> https://github.com/s0lst1c3/eaphammer
  49. MITRE --> https://attack.mitre.org/tactics/enterprise/
  50. Hindsight(WEB forensics) --> https://github.com/obsidianforensics/hindsight
  51. Hayabusa YARA --> https://github.com/Yamato-Security/hayabusa-rules
  52. Analyzing Volume Shadow Copies --> https://www.shadowexplorer.com/downloads.html
  53. MACOS Keychain --> https://github.com/n0fate/chainbreaker
  54. RDP bitmap cache parser --> https://github.com/ANSSI-FR/bmc-tools/blob/master/bmc-tools.py

Resources:

  1. File Signatures --> https://en.wikipedia.org/wiki/List_of_file_signatures
  2. https://docs.fileformat.com/executable/
  3. Windows Defender --> https://reversingfun.com/posts/how-to-extract-quarantine-files-from-windows-defender/
  4. TCP using nmap --> https://nmap.org/book/scan-methods-null-fin-xmas-scan.html
  5. Volatility notepad dumping(VAD--Windbg) --> https://infosecwriteups.com/extracting-an-unsaved-memory-content-by-walking-through-windows-heaps-but-how-6992589d872e
  6. Volatility Cheatsheet --> https://blog.onfvp.com/post/volatility-cheatsheet/
  7. HTB --> https://app.hackthebox.com/
  8. Labs --> https://github.com/frankwxu/digital-forensics-lab/tree/main
  9. Memlabs --> https://github.com/stuxnet999/MemLabs#tools-and-frameworks-hammer_and_wrench
  10. DFIR --> https://aboutdfir.com/education/challenges-ctfs/
  11. DFIR --> https://www.dfir.training/books/2023
  12. tryhackme --> https://tryhackme.com/
  13. ctflearn --> https://ctflearn.com/
  14. Splunk --> https://bots.splunk.com/event/3oQ7sqI5bajOCP43o0svqT/detail
  15. Lsass ==> https://github.com/mazyaar/lsass_memory?tab=readme-ov-file#file-monitoring
  16. Browser Exploitation Framework ->https://www.stationx.net/beef-hacking-tool/

About

Forensics in a nutshell

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages