Tag: Malware Analysis

OPEN SECURITY TRAINING .INFO

In the spirit of OpenCourseWare and the Khan Academy, OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. All material is licensed with an open license like CreativeCommons, allowing anyone to use the material however they see fit, so long as they share …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2016/10/19/open-security-training-info/

Mft2Csv

Extract $MFT record info and log it to a csv file. This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It is logging a large amount of data and that has been the main purpose from the very start. Having all this data in a csv …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2016/10/07/mft2csv/

LiME (formerly DMD)

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. Full Android memory acquisition Acquisition over network interface Minimal process footprint …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2016/09/17/lime-formerly-dmd/

Evolve

Web interface for the Volatility Memory Forensics Framework https://github.com/volatilityfoundation/volatility Works with any Volatility module that provides a SQLite render method (some don’t) Automatically detects plugins – If volatility sees the plugin, so will eVOLve All results stored in a single SQLite db stored beside the RAM dump Web interface is fully AJAX using jQuery & …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2016/09/16/evolve/

The Forensic Analysis Toolkit (FATKit)

The Forensic Analysis Toolkit (FATKit) is a new cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory. The framework is intended for researchers, law enforcement professionals, and forensics analysts who are interested in extracting and interpreting relevant information in the wake of a crime or incident. FATKit was developed in response to …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2016/09/15/the-forensic-analysis-toolkit-fatkit/

Total Network Monitor

Total Network Monitor is a free network monitoring software for the continuous monitoring of the local network, individual computers, and services that require careful attention and thorough control. TNM will alert you of any problem in advance and generate a detailed report on the circumstances of the failure. How it works Monitor is a special …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2015/02/03/total-network-monitor-2/

CAINE (Computer Aided INvestigative Environment)

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE aims …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2015/01/24/caine-computer-aided-investigative-environment/

BackBox Linux

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2014/11/17/backbox-linux/

Registry Decoder

Accurate, efficient analysis of the Windows registry Registry Decoder provides a single tool in which to perform browsing, searching, analysis, and reporting of registry hive contents. All functionality is exposed through an intuitive GUI interface and accommodates even novice investigators. Registry Decoder also acts as a great resource for new research and experimenting within the …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2014/11/11/registry-decoder/

ForensicUserInfo

ForensicUserInfo will extract the following information: RID Login Name Name Description User Comment LM Hash NT Hash Last Login Date Password Reset Date Account Expiry Date Login Fail Date Login Count Failed Logins Profile Path Groups http://www.woanware.co.uk/forensics/forensicuserinfo.html

Permanent link to this article: https://www.darknessgate.com/2014/11/11/forensicuserinfo/

Volatility Interface & Extensions

This project aims to develop a software to extend the use and simplify the handling of the Volatility Framework . Objectives of VOLIX: Simplify the handling of Volatility Provide a more intuitive GUI handling Reduce complex command sequences to a single click Improving usability Increase analysis speed (no tedious typing of commands) Make comparison and correlation of results easier Offer assistance / examples Provide new functions Automated search for malware and analysis of the findings by VirusTotal Detecting of hidden …

Continue reading

Permanent link to this article: https://www.darknessgate.com/2014/11/11/volatility-interface-extensions/