Apps tagged with 'dfir'

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for realtime alerting.

MacOS forensic acquisition made simple.

Magnet Acquire lets digital forensic examiners quickly and easily acquire forensic images of any iOS or Android device, hard drive, and removable media — and is available at no cost to the forensic community.

Extract files from iOS devices on Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups".

FastFinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criterias:

Collect data from the widest range of digital devices.

RECON ITR brings both Bootable and Live imaging options into one. An indispensable tool for anyone who needs to image and capture data from all Intel macOS computers.

LLIMAGER was designed to address the evolving challenges of macOS forensic imaging. Specifically, it was created in response to the limitations of existing "dead box" solutions and the increasingly stringent security measures implemented by Apple in successive macOS...

Program written in python that attempts to reconstruct and recover data from disks or disk images. Recommended for use from disk images, works well with ddrescue. Currently only works on ntfs filesystems. Can be ran on any operating system that supports python.

As the name implies, this is a hex editor. It aims to be a good general-purpose hex editor and to have a wide selection of features for analysing and annotating binary file formats.

SpectX is a distributed log-parser and query engine that works across multiple log sources like log servers, AWS, ELK, etc. It does not ingest any data but creates a virtual table from the raw data.