Forensics Tools

534 tools
pe
pe
Open Source Forensics Reverse Engineering

A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis …
pe-bear
pe-bear
Open Source Forensics

Portable Executable reversing tool with a friendly GUI
PE-LiteScan
PE-LiteScan
Open Source Forensics Reverse Engineering

A simple crossplatform heuristic PE-analyzer
pe-sieve
pe-sieve
Open Source Forensics

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory…
pecli
pecli
Open Source Forensics Reverse Engineering

Tool to analyze PE files in python 3. Current features : Show information about the file (import, exports, resources) Search for interesting…
peid
peid
Open Source Forensics Reverse Engineering

Python implementation of the Packed Executable iDentifier (PEiD)
PeNet
PeNet
Open Source Forensics

Portable Executable (PE) library written in .Net
PersistenceSniper
PersistenceSniper
Free Forensics Post-Exploitation

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows ma…
phishstats-api-network
phishstats-api-network
Open Source Forensics Reconnaissance

Visualize networks of phishing by querying the phishstats.info API
picoCTF-2024-Writeup
picoCTF-2024-Writeup
Free Forensics Reverse Engineering

picoCTF 2024 Writeup (Capture the Flag Competition) with the solutions for the challenges.
pimage
pimage
Open Source Forensics

This is a python package for detecting copy-move attack on a digital image.
pkappa2
pkappa2
Open Source Forensics

Network traffic analysis tool for Attack & Defense CTF's
plaso
plaso
Open Source Forensics

Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation …
Plaso (log2timeline)
Plaso (log2timeline)
Open Source Kali Forensics

Timeline creation and analysis tool. Extracts timestamps from hundreds of artifact types across Windows, Linux, and macOS to create a super-…
postmortem-docs
postmortem-docs
Open Source Forensics

PagerDuty's Public Postmortem Documentation
prowler
prowler
Open Source Forensics

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environm…
ptcpdump
ptcpdump
Open Source Forensics

Process-aware, eBPF-based tcpdump
PWF
PWF
Free Forensics

Practical Windows Forensics Training
pwndbg
pwndbg
Open Source Kali Forensics Reverse Engineering

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
pyhidra
pyhidra
Free Forensics Reverse Engineering

Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.
pylnk
pylnk
Open Source Forensics

Python library for reading and writing Windows shortcut files (.lnk). Python 3 only.
pyOneNote
pyOneNote
Open Source Forensics

A python library to parse OneNote (.one) files
PyPCAPKit
PyPCAPKit
Open Source Forensics

Python-based Comprehensive Network Packet Analysis Library
PyrsistenceSniper
PyrsistenceSniper
Open Source Forensics

We took PersistenceSniper, merged it with Python, and misspelled it on purpose. Meet PyrsistenceSniper.