https://github.com/alphaSeclab/awesome-forensics Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.
All curated-collection projects:
Forensics
Contents
Articles
Newly added
2019.12 [sans] HSTS For Forensics: You Can Run, But You Can't Use HTTP
2019.12 [eforensicsmag] 6 Threat Intelligence Sources That Will Help Enhance Digital Forensics Readiness | By Jonathan Zhang
2019.12 [mac4n6] New(ish) Presentation: Poking the Bear - Teasing out Apple's Secrets through Dynamic Forensic Testing and Analysis
2019.12 [4hou] Overview of the Mobile Device Digital Forensics Process (Part 2)
2019.12 [4hou] Overview of the Mobile Device Digital Forensics Process (Part 1)
2019.11 [freebuf] DFIRTriage: A Digital Forensics Tool for Incident Response on Windows
2019.11 [freebuf] LogonTracer: A Forensic Tool for Windows Security Event Logs
2019.11 [compass] Challenging Your Forensic Readiness with an Application-Level Ransomware Attack
2019.11 [freebuf] AutoMacTC: An Automated Forensic Triage Collector for macOS
2019.11 [eforensicsmag] CRYPTO & DATA ERASURE: After forensic analysis drives should be securely wiped | By Paul Katzoff
2019.10 [eforensicsmag] Encrypted file system forensics - Introduction (EXT4) [FREE COURSE CONTENT]
2019.10 [4hou] General Methods for iPhone Forensics
2019.10 [Cooper] Beyond Windows Forensics With Built-in Microsoft Tooling - Thomas Fischer
2019.10 [Cooper] Memory Forensics Analysis Of Cisco IOS XR 32 Bits Routers With 'Amnesic-Sherpa' - Solal Jacob
2019.10 [4hou] How to Reproduce macOS Forensic Techniques on Windows
2019.10 [HackersOnBoard] Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machine
2019.10 [HackersOnBoard] Black Hat USA 2016 Memory Forensics Using Virtual Machine Introspection for Cloud Computing
2019.10 [elcomsoft] Installing and using iOS Forensic Toolkit on macOS 10.15 Catalina
2019.09 [mac4n6] Just Call Me Buffy the Proto Slayer – An Initial Look into Protobuf Data in Mac and iOS Forensics
2019.09 [venus] RDP Logon Log Forensics and Log Clearing
2019.09 [freebuf] usbrip: A Simple CLI Forensic Tool for Tracking USB Device Artifacts
2019.09 [PositiveTechnologies] Forensics: why there are no perfect crimes
2019.09 [sans] Strengthen Your Investigatory Powers by Taking the New FOR498: Battlefield Forensics & Data Acquisition Course from SANS
2019.09 [4hou] What Is Digital Forensics? How to Establish Yourself in This Hot Field
2019.09 [4hou] Using osquery for Remote Forensics
2019.09 [elcomsoft] Apple TV Forensics 03: Analysis
2019.09 [securelayer7] CAN Bus protocol Penetration testing and forensics
2019.09 [hackers] Network Forensics, Part 3: tcpdump for Network Analysis
2019.09 [freebuf] A Brief Discussion of Digital Forensics Techniques
2019.09 [diablohorn] Notes on ZFS / Solaris forensics
2019.08 [THER] [tool] Network Forensics with Tshark
2019.08 [elcomsoft] Passcode vs. Biometrics: Forensic Implications of Touch ID and Face ID in iOS 12
2019.08 [hackers] Digital Forensics, Part 11: Recovering Stored Passwords from the Browser
2019.08 [freebuf] MIG: A Powerful, High-Speed Distributed Real-Time Forensics Tool
2019.08 [freebuf] A Forensic Tool for Monitoring USB Device Connection Events
2019.08 [0x00sec] CAN-bus protocol pentesting and forensics
2019.08 [4hou] Ever Wondered Whether Mobile Forensics Methods Can Be Applied Directly to Desktop Computers?
2019.08 [mac4n6] New Presentation from SANS DFIR Summit 2019 - They See Us Rollin', They Hatin' - Forensics of iOS CarPlay and Android Auto
2019.08 [X13Cubed] NTFS Journal Forensics
2019.08 [MastersInEthicalHacking] Computer Forensic Tutorials || Install Dumpzilla on Kali Linux
2019.07 [elcomsoft] Extended Mobile Forensics: Analyzing Desktop Computers
2019.07 [eforensicsmag] Mounting forensic images using losetup cli [FREE COURSE CONTENT]
2019.07 [elcomsoft] iOS 13 (Beta) Forensics
2019.07 [infosecinstitute] Getting started in digital forensics
2019.07 [4hou] A Guide to iOS Jailbreaking and Physical Forensics
2019.07 [4hou] Forensic Analysis of the Apple Watch (Continued)
2019.07 [eforensicsmag] Case Study: Extracting And Analyzing Messenger Data With Oxygen Forensic Detective | By Nikola Novak
2019.07 [andreafortuna] How to convert a Windows SFS (Dynamic Disks) partition to regular partition for forensic analysis
2019.07 [4hou] Forensic Analysis of Apple TV and Apple Watch
2019.07 [arxiv] [1907.01421] Methodology for the Automated Metadata-Based Classification of Incriminating Digital Forensic Artefacts
2019.06 [arxiv] [1907.00074] Forensic Analysis of Third Party Location Applications in Android and iOS
2019.06 [elcomsoft] Apple Watch Forensics 02: Analysis
2019.06 [hackers] Network Forensics, Part 2: Packet-Level Analysis of the NSA's EternalBlue Exploit
2019.06 [elcomsoft] Apple TV and Apple Watch Forensics 01: Acquisition
2019.06 [eforensicsmag] Forensic Analysis of OpenVPN on iOS | By Jack Farley
2019.06 [mac4n6] New Presentation from MacDevOpsYVR 2019 - Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis
2019.06 [eforensicsmag] Forensic Acquisitions over Netcat | By Ali Hadi
2019.06 [arxiv] [1906.10625] Antiforensic techniques deployed by custom developed malware in evading anti-virus detection
2019.06 [h2hconference] Memory anti-anti-forensics in a nutshell - Fuschini & Rodrigues - H2HC 2013
2019.06 [elcomsoft] Forensic Implications of iOS Jailbreaking
2019.06 [arxiv] [1906.05268] Differential Imaging Forensics
2019.06 [eforensicsmag] My Digital Forensic Career Pathway | By Patrick Doody
2019.05 [trailofbits] Using osquery for remote forensics
2019.05 [freebuf] CyberScan: A Penetration Testing Tool for Packet Forensics
2019.05 [HackEXPlorer] Digital Photo Forensics: How To analyze Fake Photos
2019.05 [eforensicsmag] "Most people neglect scrutinizing the basics" - Interview with Divya Lakshmanan, eForensics Instructor
2019.05 [andreafortuna] How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?
2019.05 [MastersInEthicalHacking] Computer Memory Forensic Tutorial
2019.05 [360] 2019 虎鲸杯 (Orca Cup) Digital Forensics Competition: Post-Competition Review
2019.05 [eforensicsmag] BLAZESCAN – digital forensic open source tool | By Brian Laskowski
2019.04 [X13Cubed] Free Tools From Magnet Forensics
2019.04 [4hou] Forensic Analysis of Remote Physical Memory with LeechAgent
2019.04 [freebuf] Imago-Forensics: An Image Forensics Tool Written in Python
2019.04 [andreafortuna] How to extract forensic artifacts from pagefile.sys?
2019.04 [scrtinsomnihack] Dear Blue Team: Forensics Advice to Supercharge your DFIR capabilities by Joe Gray (@c_3pjoe)
2019.04 [eforensicsmag] Instagram Forensics -Windows App Store | By Justin Boncaldo
2019.04 [arxiv] [1904.01725] Using Google Analytics to Support Cybersecurity Forensics
2019.03 [aliyun] Compromised Server: A Forensics Challenge
2019.03 [4hou] Windows Registry Forensic Analysis
2019.03 [arxiv] [1903.10770] Blockchain Solutions for Forensic Evidence Preservation in IoT Environments
2019.03 [compass] Windows Forensics with Plaso
2019.03 [checkpoint] Check Point Forensic Files: A New Monero CryptoMiner Campaign | Check Point Software Blog
2019.03 [arxiv] [1903.07703] A Survey of Electromagnetic Side-Channel Attacks and Discussion on their Case-Progressing Potential for Digital Forensics
2019.03 [hexacorn] PE Compilation Timestamps vs. forensics
2019.03 [0x00sec] A forensics repo?
2019.03 [crowdstrike] AutoMacTC: Automating Mac Forensic Triage
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (IV)
2019.03 [arxiv] [1904.00734] Forensics Analysis of Xbox One Game Console
2019.03 [ironcastle] Special Webcast: SOF-ELK(R): A Free, Scalable Analysis Platform for Forensic, Incident Response, and Security Operations – March 5, 2019 1:00pm US/Eastern
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (III)
2019.03 [freebuf] Network Traffic Forensics You May Not Have Seen Before
2019.03 [securityartwork] Exchange forensics: The mysterious case of ghost mail (II)
2019.03 [HackerSploit] Imago Forensics - Image Forensics Tutorial
2019.02 [freebuf] Forensic Analysis of a Malicious Raspberry Pi Device
2019.02 [] An Introduction to Exploratory Data Analysis with Network Forensics
2019.02 [htbridge] How to Use an Audit Log to Practice WordPress Forensics
2019.02 [arxiv] [1903.03061] DIALOG: A framework for modeling, analysis and reuse of digital forensic knowledge
2019.02 [arxiv] [1903.01396] A complete formalized knowledge representation model for advanced digital forensics timeline analysis
2019.02 [bhconsulting] AWS Cloud: Proactive Security and Forensic Readiness – part 5
2019.02 [infosecinstitute] Popular Computer Forensics Top 21 Tools [Updated for 2019]
2019.02 [cybrary] The Cost to Learn Computer Forensics
2019.02 [cybrary] “Ok Google. What is Forensic Analysis?”
2019.02 [360] Extracting Forensic Script Content from PowerShell Memory
2019.02 [eforensicsmag] How EnCase Software Has Been Used in Major Crime Cases (Plus How to Use EnCase Forensic Imager Yourself) | By Brent Whitfield
2019.01 [4hou] Linux Memory Forensics: Parsing User-Space Process Heaps (Part 3)
2019.01 [4hou] Linux Memory Forensics: Parsing User-Space Process Heaps (Part 2)
2019.01 [cybrary] Computer Forensics Jobs: How to get a job, and what you should know
2019.01 [4hou] Linux Memory Forensics: Parsing User-Space Process Heaps (Part 1)
2019.01 [cybrary] Computer Forensics Jobs: Is it really that difficult to enter the field?
2019.01 [checkpoint] Check Point Forensic Files: GandCrab Returns with Friends (Trojans) | Check Point Software Blog
2019.01 [comae] Leveraging Microsoft Graph API for memory forensics
2019.01 [cybrary] Computer Forensics Jobs: Are there jobs available?
2019.01 [leeholmes] Extracting Forensic Script Content from PowerShell Process Dumps
2019.01 [freebuf] iOS Forensics Trick: Exporting a Complete SQLite Database Without Data Loss
2019.01 [freebuf] TorPCAP: Tor Network Forensic Analysis
2019.01 [360] Windows Registry Forensic Analysis
2019.01 [freebuf] Android Forensics: Imaging the File System with ADB and dd
2019.01 [sans] Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection
2019.01 [fireeye] Digging Up the Past: Windows Registry Forensics Revisited
2019.01 [sans] SANS FOR585 Q&A: Smartphone Forensics - Questions answered
2019.01 [redcanary] Our Automation Solution, Exec, Now Features Forensics, Human Approvals, and More
2019.01 [4hou] A Summary of CTF Forensics Methods
2018.12 [hitbsecconf] #HITB2018DXB: Offensive Memory Forensics - Hugo Teso
2018.12 [4hou] Check Point Forensic Report: SandBlast Agent Detects Fileless GandCrab
2018.12 [4hou] A Summary of Forensic Issues Related to Apple FSEvents
2018.12 [checkpoint] Using an Interactive Report to Present GandCrab Ransomware's Recent Attack Activity and Attack Flow
2018.12 [0x00sec] Anti-forensic and File-less Malware
2018.12 [sans] The new version of SOF-ELK is here. Download, turn on, and get going on forensics analysis.
2018.12 [eforensicsmag] Snapchat Forensics
2018.12 [andreafortuna] Android Forensics: Imaging the File System with ADB and dd
2018.12 [CodeColorist] iOS forensics trick: pull databases w/o full backup
2018.11 [DEFCONConference] DEF CON 26 DATA DUPLICATION VILLAGE - Lior Kolnik - The Memory Remains: Cold Drive Memory Forensics
2018.11 [volatility] Malware and Memory Forensics Training in 2019!
2018.11 [eforensicsmag] LOGICUBE INTRODUCES EDUCATIONAL VIDEO SERIES FOR ITS NEXT-GENERATION FORENSIC IMAGER, FALCON-NEO | from Logicube
2018.11 [mac4n6] Do it Live! Dynamic iOS Forensic Testing
2018.11 [arxiv] [1811.09239] Digital Forensics for IoT and WSNs
2018.11 [n0where] Extract Digital Evidences From Images: Imago-Forensics
2018.11 [andreafortuna] AutoTimeliner: automatically extract forensic timeline from memory dumps
2018.11 [freebuf] PcapXray:一款功能强大的带有GUI的网络取证工具
2018.11 [WildWestHackinFest] Six Sick Systems, One Hour: Investigate with Host Forensics
2018.11 [arxiv] [1811.01629] On the Transferability of Adversarial Examples Against CNN-Based Image Forensics
2018.11 [DEFCONConference] DEF CON 26 VOTING VILLAGE - Carsten Schurmann - A Comprehensive Forensic Analysis of WINVote Voting
2018.11 [arxiv] [1811.00701] Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset
2018.10 [hackers] Network Forensics: Wireshark Basics, Part 2
2018.10 [aliyun] picoCTF 2018 Writeup: Forensics
2018.10 [aliyun] Forensic Analysis: Finding Traces of Malicious Program Execution on Windows
2018.10 [mac4n6] Video Now Available - #DFIRFIT or BUST: A Forensic Exploration of iOS Health Data
2018.10 [insanitybit] Grapl: A Graph Platform for Detection, Forensics, and Incident Response
2018.10 [krypt3ia] Ryan S. Lin: Cyber Stalking, VPN’s and Digital Forensics
2018.10 [pediy] [Original] Forensic Analysis: Reverse Engineering a Server Privilege-Escalation Tool That Opens RDP (Port 3389) Remote Connections
2018.10 [malwarenailed] Live forensic collection and triage using CyLR, CDQR and Skadi
2018.10 [insinuator] Incident Analysis and Digital Forensics Summit 2018, 14th of November of 2018
2018.10 [SSTecTutorials] USB Forensics - Find History of Connected USB | Data Stolen By USB?
2018.10 [elearnsecurity] Top 5 Skills for a Career in Digital Forensics
2018.10 [eforensicsmag] Threat Intelligence: Taking a Fresh Look at Digital Forensics Backlogs | By Jonathan Zhang
2018.10 [welivesecurity] How to find forensic computer tools for each incident
2018.10 [elcomsoft] iOS Forensics Training in Vienna: 17-19 Oct 2018
2018.10 [andreafortuna] Accessing Volume Shadow Copies within a forensic image
2018.09 [hackers] Network Forensics, Part 2: Detecting and Analyzing a SCADA DoS Attack
2018.09 [hackers] Network Forensics, Wireshark Basics, Part 1
2018.09 [4hou] How to Perform Cloud Forensics on Apple Devices
2018.09 [4hou] Under Pressure or Willingly? Apple Will Complete Its Forensic Cooperation with Law Enforcement by Year End
2018.09 [eforensicsmag] Ethics and Forensics- Time To Take A Hard Look | By Marisa Dery
2018.09 [elcomsoft] Cloud Forensics: Why, What and How to Extract Evidence
2018.09 [arxiv] [1809.00745] IoTDots: A Digital Forensics Framework for Smart Environments
2018.09 [bhconsulting] AWS Cloud: Proactive Security and Forensic Readiness – part 4
2018.08 [freebuf] Hindsight: A Browsing History Forensics Tool for Google Chrome/Chromium
2018.08 [arxiv] [1808.01196] Enabling Trust in Deep Learning Models: A Digital Forensics Case Study
2018.08 [eforensicsmag] Tracking Photo’s Geo-location with GPS EXIF DATA – Forensic Analysis | By Bala Ganesh
2018.07 [arxiv] [1807.10436] Emerging from The Cloud: A Bibliometric Analysis of Cloud Forensics Studies
2018.07 [arxiv] [1807.10438] Internet of Things Security and Forensics: Challenges and Opportunities
2018.07 [arxiv] [1807.10445] Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study
2018.07 [arxiv] [1807.10359] B-CoC: A Blockchain-based Chain of Custody for Evidences Management in Digital Forensics
2018.07 [arxiv] [1807.10218] CloudMe Forensics: A Case of Big-Data Investigation
2018.07 [arxiv] [1807.10214] Cloud Storage Forensic: hubiC as a Case-Study
2018.07 [pentesttoolz] Hindsight – Internet History Forensics For Google Chrome/Chromium
2018.07 [arxiv] [1807.08264] Digital forensic investigation of two-way radio communication equipment and services
2018.07 [] Forensics Quickie: Identifying an Unknown GUID with Shellbags Explorer, Detailing Shell Item Extension Block 0xbeef0026, & Creative Cloud GUID Behavior
2018.07 [fireeye] Leveraging Intelligence with FireEye Network Forensics
2018.07 [NetflixTechBlog] Netflix SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud
2018.07 [Sebdraven] APT Sidewinder: Tricks powershell, Anti Forensics and execution side loading
2018.07 [eforensicsmag] Digital Forensics – Tracking & Target Locating .Jpegs via Metadata (Exif) | By Hector Barquero
2018.07 [4hou] Attackers Steal Certificates from Taiwanese Tech Companies for Use in the Plead Malware Campaign
2018.07 [eforensicsmag] Network Forensics Village | By Alexander Kot
2018.07 [HACKADAY] DataGram - Forensic Locksmithing
2018.07 [pentesttoolz] Guasap – WhatsApp Forensic Tool
2018.07 [hackread] Top 7 Best Network Forensics Tools
2018.06 [SecPgh] Tactical, Practical, Digital Forensics - John Grim
2018.06 [freebuf] Notes on the Forensic Investigation of a Compromised Server
2018.06 [360] Enterprise APT Attack Forensics (Windows Edition)
2018.06 [elcomsoft] iOS Forensic Toolkit 4.0 with Physical Keychain Extraction
2018.06 [countuponsecurity] Digital Forensics – PlugX and Artifacts left behind
2018.06 [pediy] [Translation] WhatsApp Forensics: Decrypting Encrypted Databases and Extracting Deleted Messages on Non-Rooted Android Devices
2018.06 [X13Cubed] RDP Event Log Forensics
2018.06 [mac4n6] Presentation - #DFIRFIT or BUST: A Forensic Exploration of iOS Health Data (SANS DFIR Summit)
2018.06 [0x00sec] Intro to Digital Forensics [Part 2 - Methodology and Process Models]
2018.06 [SecurityFest] Solomon Sonya - Advanced Memory Forensics NextGen Actionable Threat Intelligence - SecurityFest 2018
2018.06 [andreafortuna] Dumpzilla: a forensic tool to extract information from browsers based on Firefox
2018.06 [andreafortuna] An Introduction to analyzeMFT
2018.05 [aliyun] [Forensic Analysis] Installing GCC and Compiling LiME on CentOS 5.5
2018.04 [freebuf] Memory Forensics: Finding Traces of Metasploit's Meterpreter
2018.04 [360] How to Track Metasploit Meterpreter with Memory Forensics
2018.03 [freebuf] How to Perform Forensic Analysis on a Corrupted SQLite Database
2018.03 [hackers] Digital Forensics, Part 10: Mobile Forensics (Android)
2018.03 [4hou] How to Obtain Network Connection Timestamps in a Digital Forensic Investigation
2018.03 [hackers] Digital Forensics, Part 5: Analyzing the Windows Registry for Evidence
2018.03 [360] WhatsApp Forensics: How to Decrypt the Database on a Non-Rooted Android Device
2018.03 [sec] Cybercrime Investigation and Electronic Data Forensics
2018.02 [hackers] Network Forensics, Part 1
2018.02 [freebuf] Even the iPhone X Is Not Spared: Israeli Forensics Firm Finds a Way to Unlock Any iPhone
2018.02 [hackingarticles] Digital Forensics Investigation through OS Forensics (Part 3)
2018.02 [hackingarticles] Convert Virtual Machine to Raw Images for Forensics (Qemu-Img)
2018.01 [hackingarticles] Digital Forensics Investigation through OS Forensics (Part 2)
2018.01 [hackingarticles] Digital Forensics Investigation using OS Forensics (Part 1)
2018.01 [hackingarticles] Forensic Imaging through Encase Imager
2018.01 [hackingarticles] Forensic Investigation of Nmap Scan using Wireshark
2018.01 [boredhackerblog] Digital Forensics and Law
2018.01 [hackingarticles] Forensic Data Carving using Foremost
2018.01 [4hou] Digital Forensics of Cloud Storage Services (Part 2)
2018.01 [4hou] Digital Forensics of Cloud Storage Services (Part 1)
2018.01 [hackingarticles] Forensics Tools in Kali
2018.01 [hackingarticles] Network Packet Forensic using Wireshark
2017.12 [cert] GreHack 2017 – Write Up Forensic 400
2017.11 [freebuf] Remote Unauthenticated RCE Vulnerability in the Well-Known Open Source Network Forensics Tool Xplico
2017.10 [freebuf] Anti-Forensics: Process Hiding in Kernel Mode
2017.10 [4hou] A Hands-On Exercise in Memory Forensic Analysis
2017.10 [n0where] Wireless Monitoring, Intrusion Detection & Forensics: Nzyme
2017.09 [sans] Forensic use of mount --bind
2017.09 [360] PCRT: A Forensic Tool That Automatically Detects and Repairs Corrupted PNGs
2017.09 [elcomsoft] New Security Measures in iOS 11 and Their Forensic Implications
2017.08 [freebuf] Detailed Walkthrough of Three Memory Forensics CTF Challenges
2017.08 [aliyun] Threat Hunting and Proactive Forensics
2017.08 [securelayer7] Tools and Techniques for Thick Client Penetration Testing - Part 4: Static Analysis, Memory Forensics and Reverse Engineering
2017.08 [freebuf] Windows Registry Analysis and Forensics Explained
2017.08 [pediy] [Translation] A Guide to CTF Forensics Challenges
2017.07 [aliyun] [ISS 2017] Electronic Data Forensics, Talk 1: The Cat-and-Mouse Game of Cybercrime: Past, Present and Future
2017.07 [aliyun] [ISS 2017] Electronic Data Forensics, Talk 2: Computer Forensics, a Science?
2017.07 [4hou] Black Hat 2017 Highlight: DefPloreX, a Machine Learning Tool for Large-Scale Cybercrime Forensics
2017.07 [trendmicro] An Introduction to DefPloreX
2017.07 [securelist] An Introduction to BitScout
2017.06 [360] Digital Forensics Techniques: The NTFS Change Journal
2017.06 [secist] 22 Popular Computer Forensics Tools
2017.06 [freebuf] 22 Popular Computer Forensics Tools
2017.06 [4hou] Tool Recommendations: The 22 Most Popular Computer Forensics Tools [2017 Update]
2017.06 [nicoleibrahim] Apple FSEvents Forensics. The article gives a high-level introduction to the file system events Apple stores on disk, covering FSEvents background, log locations, record structure, behavior, event parsing, noteworthy events and event descriptions.
2017.06 [freebuf] Practical Computer Intrusion Forensics with Bro
2017.06 [n0where] Digital Forensics Platform: Autopsy
2017.05 [360] Linux Forensics Techniques in Practice
2017.05 [countuponsecurity] Digital Forensics: NTFS change journal
2017.05 [freebuf] Practical Applications of Computer Forensics in Enterprise Security
2017.04 [hackingarticles] Mobile Forensics Investigation using Cellebrite UFED
2017.04 [ionize] BSides Canberra 2017 CTF Writeup – Forensics – Capture This Challenge
2017.03 [4hou] Anti-Forensics, Cryptography, Reverse Engineering Software... The 10 Best Cybersecurity Subreddits, All in One Place
2017.03 [freebuf] Digital Forensics Techniques: Extracting Information from Windows Memory
2017.03 [csyssec] Masterclass: Advanced Digital Forensics and Data Reverse Engineering
2017.01 [n0where] Open Source File System Digital Forensics: The Sleuth Kit
2017.01 [securestate] CTF Example – Forensics
2017.01 [welivesecurity] Forensic analysis techniques for digital imaging
2017.01 [freebuf] Built to Protect Privacy, the Anti-Forensic Operating System: kodachi
2017.01 [n0where] Secure Anti Forensic Anonymous Operating System: kodachi
2016.12 [lightless] SECCON 2016 Forensics Challenge Writeup
2016.11 [hackers] Digital Forensics, Part 8: Live Analysis with sysinternals
2016.11 [hackers] Digital Forensics, Part 7: Browser Forensics
2016.11 [n0where] PowerShell Digital Forensics: PowerForensics
2016.11 [hackers] Digital Forensics, Part 6: Analyzing Windows Prefetch Files for Evidence
2016.10 [hackers] Digital Forensics, Part 4: Finding Key Evidence in the Forensic Image
2016.10 [hackers] Digital Forensics, Part 3: Recovering Deleted Files
2016.10 [hackers] Anti-Forensics: How to Clear Evidence Like Hillary Clinton
2016.09 [hackers] Digital Forensics, Part 2: Live Memory Acquisition and Analysis
2016.09 [sans] Back in Time Memory Forensics
2016.09 [hackers] Digital Forensics, Part 1: Capturing a Forensically Sound Image
2016.09 [sans] Windows Event Logs for IR/Forensics, Part 2
2016.09 [n0where] Windows Forensic Data Collection: IR-rescue
2016.09 [sans] Windows Event Logs for IR/Forensics, Part 1
2016.09 [n0where] Forensic File System Reconstruction: RecuperaBit
2016.08 [n0where] USB Anti Forensic Tool: usbdeath
2016.08 [rapid7] Using Log Data as Forensic Evidence
2016.08 [sans] Looking for the insider: Forensic Artifacts on iOS Messaging App
2016.08 [n0where] OS X Forensic Evidence Collection: OSXCollector
2016.07 [n0where] Incident Response Forensic Framework: nightHawk Response
2016.07 [n0where] Offline Digital Forensics Tool for Binary Files: ByteForce
2016.06 [hackers] Covering your BASH Shell Tracks- Anti-Forensics
2016.06 [rapid7] Trip Report: Techno Security & Forensics Investigations Conference
2016.06 [sans] Performing network forensics with Dshell. Part 2: Decoder development process
2016.05 [sans] Performing network forensics with Dshell. Part 1: Basic usage
2016.05 [n0where] Open Source Intelligence and Forensics: Maltego
2016.04 [sans] An Introduction to Mac memory forensics
2016.04 [n0where] Advanced Forensics File Format: AFF4
2016.03 [sans] Improving Bash Forensics Capabilities
2016.03 [sans] Forensicating Docker, Part 1
2016.03 [hackingarticles] Wifi Forensic Investigation using Wifihistoryview
2016.02 [freebuf] Forensic Analysis of the DDoS Attack on Ireland
2016.02 [nsfocus] Strengthening Investigation and Forensics to Build a Solid Threat Intelligence Foundation
2016.02 [360] Analysis and Forensics of a New Type of DDoS Attack
2016.01 [freebuf] Joy: A Tool for Packet Capture, Network Traffic Analysis, Network Forensics and Security Monitoring
2016.01 [freebuf] Forensic Analysis Guide: Recommended Forensics Tools
2016.01 [sans] toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015.12 [freebuf] Forensic Analysis of the Hugely Popular Dating App Tinder
2015.12 [freebuf] Xplico: An Open Source Network Forensics Tool
2015.11 [secist] Investigative Forensics: Image Recovery
2015.11 [secist] Investigative Forensics: Text Recovery
2015.11 [n0where] Network Forensic Analysis Tool: Xplico
2015.11 [n0where] Digital Forensics Distro: CAINE
2015.11 [hackingarticles] Forensic Investigation of Any Mobile Phone with MOBILedit Forensic
2015.10 [hackingarticles] Android Mobile Device Forensics with Mobile Phone Examiner Plus
2015.10 [360] WMI Attack, Defense and Forensic Analysis Techniques: The Attack Part
2015.10 [hackingarticles] How to Create a Forensic Image of Android Phone using Magnet Acquire
2015.10 [hackingarticles] Forensics Investigation of Android Phone using Andriller
2015.10 [hackingarticles] Logical Forensics of an Android Device using AFLogical
2015.10 [hackingarticles] Santoku Linux - Overview of a Mobile Forensics Operating System
2015.10 [hackingarticles] Forensic Analysis of pagefile.sys and hiberfil.sys in Physical Memory
2015.09 [hackingarticles] 4 Ways to Capture Memory for Analysis (Memory Forensics)
2015.09 [hackingarticles] Forensic Investigation of RAW Image using Forensics Explorer (Part 1)
2015.09 [hackingarticles] Forensic Investigation Tutorial Using DEFT
2015.09 [freebuf] Research on the "SMS Interception Trojan" Underground Industry Chain and Attribution Forensics
2015.07 [hackingarticles] Forensic Investigation of RAW Images using Belkasoft Evidence Center
2015.07 [hackingarticles] How to Clone Drive for Forensics Purpose
2015.06 [hackingarticles] Best of Computer Forensics Tutorials
2015.06 [hackingarticles] Forensics Investigation of Deleted Files in a Drive
2015.06 [hackingarticles] Comparison of two Files for forensics investigation by Compare IT
2015.06 [hackingarticles] Live Forensics Case Investigation using Autopsy
2015.06 [hackingarticles] How to Install Digital Forensics Framework in System
2015.06 [hackingarticles] Forensics Investigation of Facebook, Skype, and Browsers in RAW Image using IEF (Internet Evidence Finder)
2015.06 [hackingarticles] How to Create Drive Image for Forensic Purpose using Forensic Replicator
2015.06 [hackingarticles] Outlook Forensics Investigation using E-Mail Examiner
2015.06 [hackingarticles] How to Preserve a Forensic Image File's Timestamp
2015.05 [hackingarticles] Forensics Investigation of Evidence RAW Image using OS Forensics Tool
2015.05 [hackingarticles] How to Create and Convert RAW Image in Encase and AFF Format using Forensics Imager
2015.05 [hackingarticles] How to Mount a Forensic Image as a Drive using P2 eXplorer Pro
2015.05 [hackingarticles] How to gather Forensics Investigation Evidence using ProDiscover Basic
2015.05 [hackingarticles] How to study Forensics Evidence of PC using P2 Commander (Part 2)
2015.05 [hackingarticles] How to Collect Forensics Evidence of PC using P2 Commander (Part 1)
2015.05 [hackingarticles] How to Create Forensics Image of PC using R-Drive Image
2015.04 [hackingarticles] Forensic Investigation of a Victim PC using Autopsy
2015.04 [hackingarticles] Forensic Investigation of any Twitter account
2015.04 [hackingarticles] How to perform Forensic Investigation on user Linkedin Account
2015.04 [hackingarticles] How to Perform Forensic Investigation on YouTube
2015.04 [hackingarticles] Forensic Investigation of any FaceBook Profile
2015.04 [sans] Memory Forensics Of Network Devices
2015.03 [hackingarticles] How to Find File Usage on a Remote Victim PC (Remote PC Forensics)
2015.03 [] Web Log Forensic Analysis Tools
2015.02 [] Digital Forensics Case Study: Disk-Based Data Forensics
2015.02 [n0where] Forensic Data Extraction: Bulk Extractor
2015.02 [] From a Forensic Investigation to Counter-Penetration
2015.02 [sans] Another Network Forensic Tool for the Toolbox - Dshell
2015.02 [freebuf] Digital Forensics Case Study: File-System-Based Disk Data Forensic Analysis
2015.01 [n0where] Dshell – Network Forensic Analysis Framework
2015.01 [hackingarticles] How to Collect Email Evidence in Victim PC (Email Forensics)
2015.01 [hackingarticles] Forensics Analysis of Social Media Sites like Facebook, Twitter, LinkedIn
2014.11 [freebuf] Linux Intrusion Forensics: Starting from an Incident Response Case
2014.10 [] The Cloud Game: Cloud Security Intrusion Forensics and Reflections
2014.10 [tencent] The Cloud Game: Cloud Security Intrusion Forensics and Reflections
2014.10 [sec] An Easily Overlooked Anti-APT Product: The Network Forensics Tool (NFT)
2014.08 [n0where] Digital Forensics Toolkit: DEFT
2014.08 [freebuf] FreeBuf Open Course Recording: Covert Communication (FQ, i.e. censorship circumvention) and Investigative Forensics
2014.07 [freebuf] FreeBuf Open Course (Live Class): Covert Communication (FQ, i.e. censorship circumvention) and Investigative Forensics
2014.05 [freebuf] Digital Forensics: Linux PCI Analysis
2014.04 [hackingarticles] Hack MOBILedit Forensic 6.9 Registration (Easy Way)
2014.03 [freebuf] Entering the Mysterious World of Computer Forensic Analysis
2014.02 [hackingarticles] Forensics Investigation of Remote PC (Part 2)
2014.02 [hackingarticles] Forensics Investigation of Remote PC (Part 1)
2014.01 [freebuf] Cold Boot Attacks and Other Forensic Techniques in Penetration Testing
2013.12 [pediy] [Original] XLS File Forensics
2013.11 [n0where] Network Takeover Forensic Analysis: FS-NyarL
2013.05 [sans] Call for Papers - 4th annual Forensics and Incident Response Summit EU
2013.05 [freebuf] Santoku: A Suite for Mobile Forensics, Malware Analysis and Security Testing
2013.05 [n0where] Mobile Forensics: Santoku
2013.04 [freebuf] PALADIN: A GNU/Linux Distribution for Forensics
2013.01 [pediy] [Recommended] Open Course on Android Forensics and Security Testing
2012.10 [welivesecurity] PC Support Scams: a Forensic View
2012.10 [welivesecurity] Defeating anti-forensics in contemporary complex threats
2012.09 [freebuf] [Update] FileInfo V6.0: A GUI File Information Forensic Analysis Tool
2012.07 [freebuf] Bugtraq-I: A Penetration Testing and Digital Forensics System
2012.07 [freebuf] iPhone Forensics (Part 1)
2012.06 [freebuf] Sleuth Kit v4.0.0 Beta1: An Open Source Digital Investigation/Forensics Tool
2012.05 [freebuf] SIFT: A Digital Forensics Toolkit
2012.03 [hackingarticles] Antivirus Forensics Tools
2012.02 [hackingarticles] BFT (Browser Forensic Tool )
2012.01 [rapid7] Metasploit Updated: Forensics, SCADA, SSH Public Keys, and More
2012.01 [rapid7] Adventures in the Windows NT Registry: A step into the world of Forensics and Information Gathering
2011.11 [hackingarticles] How to View Windows system reboot Date and Time (Windows Forensics)
2011.09 [sans] Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011.09 [hackingarticles] Find Last Connected USB on your system (USB Forensics)
2011.09 [hackingarticles] List of Computer Forensics Tools (Part 1)
2010.11 [trendmicro] STUXNET Scanner: A Forensic Tool
2010.09 [sans] Quick Forensic Challenge
2010.06 [sans] New Honeynet Project Forensic Challenge
2010.05 [sans] SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010.05 [sans] 2010 Digital Forensics and Incident Response Summit
2010.04 [sans] Network and process forensics toolset
2010.01 [sans] Forensic challenges
2009.12 [sans] Anti-forensics, COFEE vs. DECAF
2009.08 [sans] Network Forensics Puzzle Contest
2009.08 [sans] Forensics: Mounting partitions from full-disk 'dd' images
2009.07 [riusksk] Monitoring and Forensics Techniques on the Windows Platform
2009.07 [pediy] [Original] Forensics Techniques on the Windows Platform
2008.10 [sans] Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2005.05 [sans] Firefox 1.0.4; DNSSEC Tools; Phishers Benefit from Google Link; Viewing Chat Logs; Web Browser Forensics; Gecko-Based Browsers HTTP Authentication Prompt Vulnerability
Volatility
2019.11 [volatility] Results from the 2019 Volatility Contests are in!
2019.10 [volatility] Announcing the Volatility 3 Public Beta!
2019.10 [countuponsecurity] Notes on Linux Memory Analysis – LiME, Volatility and LKM’s
2019.10 [doyler] BofA Forensics and Volatility for the Win (DerbyCon 9)
2019.07 [cristivlad25] Practical Pentesting - How to do Memory Forensics with Volatility - AttackDefense Labs
2019.06 [infosecinstitute] Ransomware analysis with Volatility
2019.04 [andreafortuna] How to analyze a VMware memory image with Volatility
2019.03 [4hou] A Volatility Workflow for Basic Incident Response
2019.01 [sans] Mac Memory Analysis with Volatility
2019.01 [sans] Android Mind Reading - Memory Acquisition and Analysis with LiME and Volatility
2019.01 [sans] Volatility Bot
2018.11 [volatility] Results from the 2018 Volatility Contests are in!
2018.08 [jpcert] Volatility Plugin for Detecting Cobalt Strike Beacon
2018.07 [aliyun] Analyzing Traces of Intrusion with Volatility
2018.07 [andreafortuna] Digital forensics chronicles: image identification issues on large memory dump with Volatility
2018.07 [andreafortuna] Finding malware on memory dumps using Volatility and Yara rules
2018.05 [pentesttoolz] Linux Screenshot XWindows – Volatility Plugin To Extract X Screenshots From A Memory Dump
2018.05 [volatility] The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!
2018.05 [pentestingexperts] Memory Forensics Investigation using Volatility (Part 1)
2018.05 [cybertriage] Using Volatility in Cyber Triage to Analyze Memory
2018.04 [acolyer] Espresso: brewing Java for more non-volatility with non-volatile memory
2018.03 [broadanalysis] Guest Blog Post: njRat Analysis with Volatility
2018.03 [X13Cubed] Volatility Profiles and Windows 10
2018.01 [cydefe] Tools 101: Volatility Usage
2018.01 [hackingarticles] Memory Forensics Investigation using Volatility (Part 1)
2017.12 [360] How to Attack Full-Disk-Encrypted Systems Using QEMU and Volatility
2017.12 [diablohorn] Attacking Encrypted Systems with qemu and volatility
2017.11 [pentestingexperts] Stuxnet’s Footprint in Memory with Volatility 2.0
2017.11 [volatility] Results from the (5th Annual) 2017 Volatility Plugin Contest are in!
2017.10 [sans] Using Yara rules with Volatility
2017.10 [4hou] Detecting DoublePulsar with Volatility
2017.08 [shelliscoming] Writing a Volatility Plugin to Easily Identify the DoublePulsar SMB Implant in Memory
2017.08 [nextplatform] The Ironic – And Fleeting – Volatility In NVM Storage
2017.05 [360] Digital Forensics Techniques: Volatility in Practice
2017.04 [volatility] The (5th Annual) 2017 Volatility Plugin Contest is Live!
2017.02 [ponderthebits] OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
2017.01 [freebuf] Windows Memory Forensics with Volatility (Part 2): Notes on Kernel Objects and Kernel Pools
2017.01 [freebuf] Windows Memory Forensics with Volatility (Part 1): First Experience
2016.12 [volatility] The Release of Volatility 2.6
2016.12 [volatility] Results from the 2016 Volatility Plugin Contest are in!
2016.10 [sans] Volatility Bot: Automated Memory Analysis
2016.10 [tisiphone] Using Team Cymru’s MHR with Volatility
2016.10 [n0where] Automated Memory Analyzer For Malware Samples: VolatilityBot
2016.09 [volatility] Volatility Update: Core team is growing!
2016.09 [cysinfo] Detecting Malicious Processes Using Psinfo Volatility Plugin
2016.09 [cysinfo] Detecting Deceptive Process Hollowing Techniques Using HollowFind Volatility Plugin
2016.08 [linoxide] How to Setup Volatility Tool for Memory Analysis
2016.07 [cysinfo] Linux Memory Diff Analysis using Volatility
2016.06 [cysinfo] Hunting APT RAT 9002 In Memory Using Volatility Plugin
2016.05 [freebuf] Discovering Advanced Malware with Volatility
2016.04 [virusbulletin] VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
2016.04 [holisticinfosec] toolsmith #115: Volatility Acuity with VolUtility
2016.04 [volatility] Airbnb Donates $999 to the 2016 Volatility Plugin Contest!
2016.04 [volatility] The 2016 Volatility Plugin Contest is now live!
2016.02 [360] Capturing Executed Code (Malicious PE/DLL/Driver Files) on Windows with Volatility or PE Capture
2016.02 [tribalchicken] Extracting FileVault 2 Keys with Volatility
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Overview
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 1: Mimikatz & lsass.exe Dump
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 2: Windows 7 Full Memory Dump & Get Hashes
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 3: WinDBG Mimikatz Extension
2016.02 [govolution] Windows Credentials and Memory Dumps – Part 4: Volatility & Mimikatz
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 6: VMWare Workstation
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 7: ESXi Server
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 8: ESXi Attacking Scenario – Volatility on ESXi
2016.02 [govolution] Memdumps, Volatility, Mimikatz, VMs – Part 9: Logging & Monitoring ESXi
2016.01 [sans] Some useful volatility plugins
2016.01 [metabrik] Malware analysis with VM instrumentation, WMI, winexe, Volatility and Metabrik
2015.11 [volatility] Guest Post: Martin Korman (VolatilityBot - An Automated Malicious Code Dumper)
2015.11 [tribalchicken] Extracting BitLocker keys with Volatility (PoC)
2015.11 [secist] Using the Volatility framework for investigations and forensics
2015.11 [n0where] Volatile Memory Extraction: The Volatility Framework
2015.11 [volatility] PlugX: Memory Forensics Lifecycle with Volatility
2015.10 [volatility] Results from the 2015 Volatility Plugin Contest are in!
2015.10 [autopsy] The Volatility team talks proactive threat hunting with memory forensics (an OSDFCon presentation)
2015.10 [angelalonso] Android Memory Analysis (II) - Extracting the memory and analyzing with Volatility
2015.09 [airbuscybersecurity] Volatility plugin for PlugX updated
2015.08 [volatility] Volatility Updates Summer 2015
2015.07 [volatility] The 2015 Volatility Plugin contest is now live!
2015.07 [volatility] Volatility at Black Hat USA & DFRWS 2015!
2015.02 [kudelskisecurity] Volatility plugin for Dyre
2014.12 [sans] Some Memory Forensic with Forensic Suite (Volatility plugins)
2014.10 [volatility] Announcing the 2014 Volatility Plugin Contest Results!
2014.09 [volatility] The Volatility Foundation: Fighting for Open Source Forensics
2014.09 [volatility] Volatility 2.4 at Blackhat Arsenal - Defeating Truecrypt Disk Encryption
2014.09 [volatility] Facebook Donation Doubles the Volatility Plugin Contest Prizes
2014.09 [volatility] Heads Up! 2014 Volatility Plugin Contest Deadline Extended!
2014.08 [volatility] Volatility 2.4 at Blackhat Arsenal - Reverse Engineering Rootkits
2014.08 [] Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically
2014.08 [volatility] Volatility 2.4 at Blackhat Arsenal - Tracking Mac OS X User Activity
2014.08 [toolswatch] Volatility v2.4 – Art of Memory Forensics Released
2014.08 [volatility] New Volatility 2.4 Cheat Sheet with Linux, Mac, and RTFM
2014.08 [volatility] Presenting Volatility Foundation Volatility Framework 2.4
2014.07 [volatility] Volatility at Black Hat USA & DFRWS 2014
2014.05 [volatility] Volatility - Update All The Things
2014.04 [volatility] Volatility Memory Forensics and Malware Analysis Training in Australia!
2014.03 [reverse] Teaching Rex another TrustedBSD trick to hide from Volatility
2014.03 [mcafee] Timeline of Bitcoin Events Demonstrates Online Currency’s Volatility
2014.02 [freebuf] Finding malicious DLLs on a system with Volatility
2014.02 [freebuf] Using Volatility, a memory forensics tool, on Linux
2014.02 [volatility] Training by The Volatility Project Now Available In Three Continents!
2013.11 [holisticinfosec] Volatility 2.3 and FireEye's diskless, memory-only Trojan.APT.9002
2013.11 [toolswatch] Volatility The advanced memory forensics framework v2.3 available (Support of OSX)
2013.10 [volatility] Volatility 2.3 Released! (Official Mac OS X and Android Support)
2013.09 [volatility] Leveraging CybOX with Volatility
2013.08 [quequero] Quick Volatility overview and R.E. analysis of Win32.Chebri
2013.08 [volatility] Results are in for the 1st Annual Volatility Framework Plugin Contest!
2013.06 [sans] Volatility rules...any questions?
2013.06 [volatility] MOVP II - 4.5 - Mac Volatility vs the Rubilyn Kernel Rootkit
2013.05 [volatility] Automated Volatility Plugin Generation with Dalvik Inspector
2013.05 [securityintelligence] Zeus Analysis – Memory Forensics via Volatility
2013.05 [volatility] MoVP II - 2.3 - Creating Timelines with Volatility
2013.05 [volatility] MOVP II - 1.5 - ARM Address Space (Volatility and Android / Mobile)
2013.05 [volatility] What's Happening in the World of Volatility?
2013.04 [cyberarms] Volatility Memory Analysis Article Featured in eForensics Magazine
2013.03 [volatility] Official Training by Volatility - Reston/VA, June 2013
2013.01 [theevilbit] Backtrack Forensics: Memory analysis with volatility
2013.01 [volatility] The 1st Annual Volatility Framework Plugin Contest
2013.01 [hackingarticles] Volatility – An advanced memory forensics framework
2012.12 [volatility] What do Upclicker, Poison Ivy, Cuckoo, and Volatility Have in Common?
2012.12 [securityartwork] New MFTParser plugin in the alpha version of Volatility
2012.11 [volatility] Windows Memory Forensics Training for Analysts by Volatility Developers
2012.10 [volatility] OMFW 2012: Analyzing Linux Kernel Rootkits with Volatility
2012.10 [volatility] MoVP for Volatility 2.2 and OMFW 2012 Wrap-Up
2012.10 [volatility] Solving the GrrCon Network Forensics Challenge with Volatility
2012.10 [volatility] Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
2012.09 [volatility] MoVP 3.5: Analyzing the 2008 DFRWS Challenge with Volatility
2012.09 [volatility] MoVP 2.5: Investigating In-Memory Network Data with Volatility
2012.09 [sans] Volatility: 2.2 is Coming Soon
2012.09 [volatility] Month of Volatility Plugins (MoVP)
2012.08 [sans] Digital Forensics Case Leads: Identifying TrueCrypt volumes with Volatility, Malware that can sneak into VM's and more....
2012.08 [sans] Digital Forensics Case Leads: Multi-plat RAT, No US Cybersecurity bill, Dropbox drops a doozie, Volatility everywhere
2012.07 [sans] Digital Forensics Case Leads: Skype acting weird, Microsoft backdooring Skype! Volatility with x64 support... Facebook censoring chats for criminal activities!? A Russian hacker challenges Apple by bypassing the App Store authentication mechanism and getting apps for free!!! All that and more, this week on Case Leads…
2012.04 [hiddenillusion] YARA + Volatility ... the beginning
2012.03 [hiddenillusion] Making Volatility work for you
2011.10 [quequero] Shylock via volatility
2011.09 [holisticinfosec] toolsmith: Memory Analysis with DumpIt and Volatility
2011.08 [sans] Digital Forensics Case Leads: SIFT 2.1, Volatility 2.0
2011.02 [toolswatch] Volatility The advanced memory forensics framework v1.4 released
2011.01 [sans] A Quick Look at Volatility 1.4 RC1 - What's New?
2010.05 [holisticinfosec] Memory forensics with SIFT 2.0, Volatility, and PTK
2010.02 [sans] Digital Forensics Case Leads: Volatility and RegRipper, Better Together
2009.07 [sans] New Volatility plugins
2009.05 [sans] More new volatility plugins
2009.04 [windowsir] New Volatility Plugins
2009.03 [moyix] Using Volatility for Introspection
2009.03 [moyix] RegRipper and Volatility Prototype
2008.08 [windowsir] Volatility 1.3 is out!
2008.08 [moyix] Volatility 1.3 is out!
Sleuthkit
Rekall
Tools
Newly added
[5208 stars][7m] [Py] usarmyresearchlab/dshell An extensible network forensic analysis framework. Supports rapid development of plugins to dissect network packet captures.
[3337 stars][11d] [Py] google/grr remote live forensics for incident response
[1912 stars][13d] [Shell] toniblyx/prowler AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks including GDPR and HIPAA (+100). Official CIS for AWS guide:
[1227 stars][12d] [Py] google/timesketch Collaborative forensic timeline analysis
[1155 stars][4m] [Go] mozilla/mig Distributed real-time digital forensics and investigation platform
[1024 stars][13d] [Py] ondyari/faceforensics Github of the FaceForensics dataset
[1017 stars][12d] [Rich Text Format] decalage2/oletools python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
[949 stars][2y] [C#] invoke-ir/powerforensics PowerForensics provides an all in one platform for live disk forensic analysis
[883 stars][2m] [C] cisco/joy Captures and analyzes network flow and intraflow data for network research, forensics and security monitoring
[832 stars][27d] [Py] yampelo/beagle an incident response and digital forensics tool which transforms security logs and data into graphs.
[791 stars][4m] [Py] srinivas11789/pcapxray Network forensics tool: offline visualization of a packet capture as a network diagram, including device identification, highlighting of important communications and file extraction
[762 stars][2m] [Py] snovvcrash/usbrip Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux
[544 stars][1m] [Go] biggiesmallsag/nighthawkresponse Incident Response Forensic Framework
[485 stars][26d] [Py] netflix-skunkworks/diffy a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
[429 stars][3m] [Py] obsidianforensics/hindsight Internet history forensics for Google Chrome/Chromium
[419 stars][20d] [Py] forensicartifacts/artifacts Digital Forensics Artifact Repository
[395 stars][2y] [PS] cryps1s/darksurgeon a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
[392 stars][11m] [Go] mozilla/masche MIG Memory Forensic library
[381 stars][5y] [JS] le4f/pcap-analyzer Lightweight online pcap traffic file analysis tool
[349 stars][3m] [Shell] orlikoski/skadi collection, processing and advanced analysis of forensic artifacts and images.
[324 stars][11m] [Py] alessandroz/lazagneforensic Windows passwords decryption from dump files
[320 stars][2y] [C] fireeye/rvmi A debugger on steroids that uses VMI (Virtual Machine Introspection) and memory forensics to provide full-system analysis
[316 stars][12d] [Py] google/turbinia Automation and Scaling of Digital Forensics Tools
[303 stars][2m] [Shell] vitaly-kamluk/bitscout Remote data forensics tool
[295 stars][3y] invoke-ir/forensicposters Diagrams of various on-disk data structures: MBR/GPT/...
[274 stars][13d] [Perl] owasp/o-saft OWASP SSL advanced forensic tool
[268 stars][3y] [Py] ghirensics/ghiro Automated image forensics tool
[263 stars][7m] [Batchfile] diogo-fernan/ir-rescue A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
[260 stars][1m] [Py] google/docker-explorer A tool to help forensicate offline docker acquisitions
[252 stars][1y] [C++] comaeio/swishdbgext Incident Response & Digital Forensics Debugging Extension
[247 stars][1m] [Py] orlikoski/cdqr a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices
[245 stars][1y] [Py] crowdstrike/forensics Scripts and code referenced in CrowdStrike blog posts
[233 stars][2m] [C] elfmaster/libelfmaster Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
[225 stars][3m] [Py] crowdstrike/automactc Automated Mac Forensic Triage Collector
[224 stars][4y] [Java] nowsecure/android-forensics Open source Android Forensics app and framework
[213 stars][2y] [C#] shanek2/invtero.net High-speed (Gbps) forensics, memory integrity and assurance. Includes offensive and defensive memory capabilities. Finds and extracts processes and hypervisors (including nested ones) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques
[202 stars][11m] [Py] medbenali/cyberscan Network's Forensics ToolKit
[191 stars][2m] [Py] lazza/recuperabit A tool for forensic file system reconstruction.
[177 stars][11d] [Py] markbaggett/srum-dump A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
[176 stars][4y] [Py] csababarta/ntdsxtract Active Directory forensic framework
[168 stars][2y] [Py] monrocoury/forensic-tools A collection of tools for forensic analysis
[162 stars][6m] [Py] cvandeplas/elk-forensics ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)
[162 stars][2m] [C++] gregwar/fatcat FAT filesystems explore, extract, repair, and forensic tool
[158 stars][2m] [Py] travisfoley/dfirtriage Digital forensic acquisition tool for Windows based incident response.
[154 stars][9m] [Py] vikwin/pcapfex 'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts files from packet capture files
[150 stars][4m] [Py] stuhli/dfirtrack Digital forensics and incident response tracking, built on Django
[149 stars][4y] [Py] arxsys/dff a Forensics Framework coming with command line and graphical interfaces
[146 stars][2y] [Py] davidpany/wmi_forensics scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files
[141 stars][2m] [C++] dfir-orc/dfir-orc Forensics artefact collection tool for systems running Microsoft Windows
[139 stars][2y] [Py] jrbancel/chromagnon Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
[131 stars][2m] [Py] benjeems/packetstrider A network packet forensics tool for SSH
[131 stars][2m] [Py] log2timeline/dfvfs Digital Forensics Virtual File System (dfVFS)
[123 stars][3y] [PS] silverhack/voyeur generate a fast (and pretty) Active Directory report.
[122 stars][3m] [Py] redaelli/imago-forensics a python tool that extracts digital evidence from images.
[119 stars][2y] [PS] javelinnetworks/ir-tools forensics of domain based attacks on an infected host
[118 stars][13d] [Py] domainaware/parsedmarc Python module and CLI for parsing DMARC reports
[115 stars][1y] [Shell] theflakes/ultimate-forensics-vm Evolving directions on building the best Open Source Forensics VM
[113 stars][1y] [C#] damonmohammadbagher/meterpreter_payload_detection Meterpreter_Payload_Detection.exe tool for detecting Meterpreter in memory like IPS-IDS and Forensics tool
[112 stars][8m] [PHP] xplico/xplico Open Source Network Forensic Analysis Tool (NFAT)
[108 stars][5y] [Py] mspreitz/adel dumps all important SQLite Databases from a connected Android smartphone to the local disk and analyzes these files in a forensically accurate workflow
[108 stars][3y] projectretroscope/retroscope Public release of the RetroScope Android memory forensics framework
[99 stars][2y] [Py] trendmicro/defplorex A machine-learning toolkit for large-scale e-crime forensics
[98 stars][6y] [Py] matonis/page_brute a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by applying YARA-based signatures to fixed-size blocks of pagefile.sys
[97 stars][5m] [Py] woanware/usbdeviceforensics Python script for extracting USB information from Windows registry hives
[96 stars][1m] [Py] airbus-cert/regrippy a framework for reading and extracting useful forensics data from Windows registry hives
[96 stars][2y] [JS] anttikurittu/kirjuri a web application for managing cases and physical forensic evidence items.
[93 stars][20d] [Py] log2timeline/dftimewolf A framework for orchestrating forensic collection, processing and data export
[88 stars][6m] [Go] coinbase/dexter Forensics acquisition framework designed to be extensible and secure
[87 stars][2y] [C++] google/aff4 The Advanced Forensic File Format
[86 stars][2y] [Py] cheeky4n6monkey/4n6-scripts Forensic Scripts
[85 stars][6m] [Py] quantika14/guasap-whatsapp-foresincs-tool WhatsApp Forensic Tool
[79 stars][3m] [Py] google/giftstick 1-Click push forensics evidence to the cloud
[78 stars][3y] [C++] jeffbryner/nbdserver Network Block Device Server for windows with a DFIR/forensic focus.
[78 stars][2y] [Py] trolldbois/python-haystack Process heap analysis framework - Windows/Linux - record type inference and forensics
[74 stars][2y] [Py] busindre/dumpzilla Extract all forensically interesting information from Firefox, Iceweasel and Seamonkey browsers
[73 stars][2y] [C++] kasperskylab/forensicstools Tools for DFIR
[64 stars][2y] [Py] darkquasar/wmi_persistence Python script that parses OBJECTS.DATA files directly (no access to the user's WMI namespace needed) to find WMI persistence
[64 stars][1y] [Py] ralphje/imagemounter Command line utility and Python package to ease the (un)mounting of forensic disk images
[63 stars][3m] [C] carmaa/interrogate a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
[63 stars][2y] [Shell] yukinoshita47/pentest-tools-auto-installer Simple tool to install pentest and forensic tools for Linux users running a non-pentest OS
[61 stars][4y] [Py] sysinsider/usbtracker Quick & dirty coded incident response and forensics python script to track USB devices events and artifacts in a Windows OS (Vista and later).
[53 stars][5y] [Py] osandamalith/chromefreak A Cross-Platform Forensic Framework for Google Chrome
[50 stars][10d] [PS] s3cur3th1ssh1t/creds Some useful Scripts and Executables for Pentest & Forensics
[46 stars][3y] [PS] n3l5/irfartpull PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.
[46 stars][1y] [Py] sentenza/gimp-ela A JPEG Error Level Analysis forensic plugin for the GNU Image Manipulation Program (GIMP)
[46 stars][8m] [YARA] xumeiquer/yara-forensics Set of Yara rules for finding files using magic headers
[43 stars][4m] [TSQL] abrignoni/dfir-sql-query-repo Collection of SQL query templates for digital forensics use by platform and application.
[43 stars][2y] [C#] zacbrown/hiddentreasure-etw-demo A new way to dig up hidden treasure in memory forensics using ETW (Event Tracing for Windows)
[42 stars][11d] [Py] simsong/dfxml Digital Forensics XML project and library
[40 stars][2y] [HTML] scorelab/androphsy An Open Source Mobile Forensics Investigation Tool for Android Platform
[39 stars][4y] [AutoIt] ajmartel/irtriage Incident Response Triage - Windows Evidence Collection for Forensic Analysis
[38 stars][2y] [C] adulau/dcfldd enhanced version of dd for forensics and security
[38 stars][2y] [Py] ytisf/muninn A short and small memory forensics helper.
[37 stars][10m] [Py] att/docker-forensics Tools to assist in forensicating docker
[36 stars][5y] [Py] eurecom-s3/actaeon Memory forensics of virtualization environments
[35 stars][8m] [Py] am0nt31r0/osint-search Useful for digital forensics investigations or initial black-box pentest footprinting.
[33 stars][2y] [C] weaknetlabs/byteforce Offline Digital Forensics Tool for Binary Files
[32 stars][1y] [Py] andreafortuna/autotimeliner Automatically extracts forensic timelines from volatile memory dumps
[31 stars][7y] [Perl] appliedsec/forensicscanner Forensic Scanner
[31 stars][2y] [Py] bltsec/violent-python3 Python 3 scripts based on lessons learned from Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor.
[31 stars][5y] [Py] madpowah/forensicpcap pcap forensics
[28 stars][6y] [Py] c0d3sh3lf/android_forensics Bypassing Android Pattern Lock
[27 stars][3y] [Java] animeshshaw/chromeforensics A tool to perform automated forensic analysis of Chrome Browser.
[26 stars][4y] [Py] cyberhatcoil/acf Android Connections Forensics
[24 stars][7y] [Ruby] chrislee35/flowtag FlowTag visualizes pcap files for forensic analysis
[24 stars][3y] [Py] forensicmatt/pancakeviewer A DFVFS Backed Forensic Viewer
[23 stars][3m] [Pascal] nannib/imm2virtual A GUI (for 64-bit Windows) for a procedure that boots an EWF (E01), DD (raw) or AFF disk image directly in VirtualBox without converting it, in a forensically sound way.
[22 stars][2y] [C] lorecioni/imagesplicingdetection Illuminant inconsistencies for image splicing detection in forensics
[22 stars][1y] [C] paul-tew/lifer Windows link file forensic examiner
[22 stars][3m] [Py] circl/forensic-tools CIRCL system forensic tools or a jumble of tools to support forensic
[21 stars][2y] [Py] harris21/afot Automation Forensics Tool for Windows
[20 stars][5y] [JS] jonstewart/sifter Indexed search and clustering tool for digital forensics
[19 stars][3y] [Py] lukdog/backtolife Memory forensic tool for process resurrection starting from a memory dump
[18 stars][3y] [C++] nshadov/screensaver-mouse-jiggler Hardware arduino based mouse emulator, preventing screen saver locking (eg. during forensic investigation)
[18 stars][20d] [Py] sekoialab/fastir_artifacts Live forensic artifacts collector
[17 stars][Java] marten4n6/email4n6 A simple cross-platform forensic application for processing email files.
[16 stars][9m] [Smarty] forensenellanebbia/xways-forensics Personal settings for X-Ways Forensics
[15 stars][2m] [Dockerfile] bitsofinfo/comms-analyzer-toolbox Tool for forensic analysis, search and graphing of communications content such as email MBOX files and CSV text message data using Elasticsearch and Kibana
[13 stars][10m] [Shell] matthewclarkmay/ftriage Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
[13 stars][1y] theresafewconors/file-system-forensics Repo for Reports on forensic analysis of various File Systems (NoWare to Hide)
[11 stars][3y] [Py] nipunjaswal/wireless-forensics-framework Wireless Forensics Framework In Python
[11 stars][1y] [C++] shujianyang/btrforensics Forensic Analysis Tool for Btrfs File System.
[10 stars][2y] [PS] b2dfir/b2response Logged PS Remote Command Wrapper for Blue Team Forensics/IR
[10 stars][3y] [Py] sekoialab/fastir_server The FastIR Server is a Web server to schedule FastIR Collector forensics collection thanks to the FastIR Agent
[9 stars][10m] [Perl] randomaccess3/4n6_stuff Git for me to put all my forensics stuff
[9 stars][8y] [Perl] superponible/search-strings-extension srch_strings is a useful tool in digital forensics. Using the "-t d" option will give a byte location for the string. This repository contains two scripts that automatically map the byte location to the filesystem block containing the string.
[9 stars][1y] [Py] svelizdonoso/logfishh Logs Forensic Investigator SSH
[9 stars][7y] [JS] thinkski/vinetto Forensic tool for examining Thumbs.db files
[8 stars][7y] [Py] agnivesh/aft [Deprecated] Android Forensic Toolkit
[8 stars][2y] asiamina/a-course-on-digital-forensics A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University
[8 stars][2m] [PS] tvfischer/ps-srum-hunting PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting
[7 stars][4m] [PS] 1cysw0rdk0/whodunnit A PS forensics tool for Scraping, Filtering and Exporting Windows Event Logs
[7 stars][3y] dfax/dfax (DEPRECATED) Digital Forensic Analysis eXpression
[7 stars][1y] [Py] dlcowen/testkitchen Scripts from The Forensic Lunch Test Kitchen segments
[7 stars][3y] [Py] maurermj08/vftools An open source forensic toolkit built on dfVFS
[7 stars][2y] [Rust] rustensic/prefetchkit A powerful forensic commandline tool for analyzing Microsoft Prefetch files.
[7 stars][2y] socprime/muddywater-apt an APT group that has been active throughout 2017
[6 stars][4y] [C#] alphadelta/clearbytes Data forensic tool
[6 stars][6m] [Shell] hestat/calamity A script to assist in processing forensic RAM captures for malware triage
[5 stars][1y] [Shell] kpcyrd/booty Minimal forensic/exfiltration/evil-maid/rescue live boot system
[5 stars][8m] zmbf0r3ns1cs/bf-elk Burnham Forensics ELK Deployment Files
[5 stars][9m] [Py] obsidianforensics/scripts Small scripts and POCs related to digital forensics
[4 stars][5m] [Py] bradley-evans/cfltools A logfile analysis tool for cyberforensics investigators.
[4 stars][3y] jaredthecoder/codestock2017-stuxnet-forensic-analysis Slides and demo script for my talk at Codestock 2017
[4 stars][3y] [Py] rotenkatz/ecos_romfs_unpacker A simple eCos ROMFS unpacker for forensics and firmware analysis needs
[3 stars][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
[3 stars][1y] [Py] inp2/sherlock a digital forensic analysis toolkit that relies on graph theory, link analysis, and probabilistic graphical models in order to aid the examiner in digital forensic investigations.
[2 stars][2y] [Py] edisonljh/hadoop_ftk Hadoop File System Forensics Toolkit
[2 stars][C] enrico204/unhide A fork of the original "unhide" forensics tool from SourceForge CVS
[2 stars][4m] [Py] docker-forensics-toolkit/toolkit A toolkit for the post-mortem examination of Docker containers from forensic HDD copies
[2 stars][1m] [Py] thebeanogamer/hstsparser A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
[1 star][3m] [Go] cdstelly/nugget A Domain Specific Language for Digital Forensics
[1 star][3y] [C++] colinmckaycampbell/rapidfilehash Fast and powerful SHA256 hashing for malware detection and digital forensics.
[1 star][6m] [Py] pagabuc/atomicity_tops Introducing the Temporal Dimension to Memory Forensics - ACM Transactions on Privacy and Security 2019
[1 star][2y] [Py] trolldbois/python-haystack-reverse Memory forensics data structure reversing
[0 stars][4y] bedazzlinghex/disk-analysis Contains tools to perform malware and forensic analysis on disk
[0 stars][3y] [C] irq8/trackercat A GPS Forensics Utility to Parse GPX Files
LinuxDistro
[127 stars][11m] [Shell] wmal/kodachi Linux Kodachi operating system, based on Xubuntu 18.04, provides a secure, anti-forensic and anonymous operating system with the features a privacy-conscious person needs in order to stay secure.
[104 stars][6y] santoku/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
[13 stars][4y] nelenkov/santoku-linux Linux Distro for Mobile Security, Malware Analysis, and Forensics
Resource collections
Volatility
Sleuthkit
[1482 stars][11d] [C] sleuthkit/sleuthkit a library and collection of command line digital forensics tools that allow you to investigate volume and file system data.
[840 stars][9d] [Java] sleuthkit/autopsy a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
[26 stars][2m] blackbagtech/sleuthkit-apfs A fork of The Sleuthkit with Pooled Storage and APFS support. See
[6 stars][3y] [Pascal] nannib/nbtempow a forensic tool for making timelines from block device image files (raw, ewf, physicaldrive, etc.)
[1 star][3m] [Shell] nannib/nbtempo a GUI (Graphical User Interface) Bash script for making file timelines and reporting them in CSV (spreadsheet) format.
Rekall
bulk_extractor
Anti-forensics
[2736 stars][3y] [Py] hephaest0s/usbkill Anti-forensic kill switch. Monitors the USB ports for changes and immediately shuts down the computer when one occurs.
[339 stars][2y] [C] natebrune/silk-guardian an anti-forensic kill-switch that waits for a change on your usb ports and then wipes your ram, deletes precious files, and turns off your computer.
[78 stars][2y] [C] elfmaster/saruman ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
[67 stars][3y] [Shell] trpt/usbdeath anti-forensic tool that writes udev rules for known usb devices and takes action on unknown usb insertion or on removal of a specific usb device
[35 stars][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilities.
[20 stars][3y] [Py] ncatlin/lockwatcher Anti-forensic monitor program: watches for signs of tampering and purges keys/shuts everything down.
[15 stars][1y] [C#] thereisnotime/xxusbsentinel Windows anti-forensics USB monitoring tool.
[12 stars][5y] [C#] maldevel/clearlogs Clear All Windows System Logs - AntiForensics
[11 stars][3y] [Shell] phosphore/burn [WIP] Anti-forensics toolkit to clear sensitive log files after an intrusion
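The USB kill switches listed above (usbkill, silk-guardian, usbdeath, xxusbsentinel) share one mechanism: record the set of attached USB devices at startup, poll for differences, and run a destructive action when a device appears or disappears. The Python below is an added example of that core loop, written for this page; it is not code from any of those projects. The only real system dependency is Linux sysfs at /sys/bus/usb/devices (it degrades to an empty set elsewhere); the whitelist, the on_change callback and the poll parameters are illustrative assumptions, and the actual power-off is left as a comment so the module is safe to import. Knowing the loop matters on both sides: an examiner who must image a live host should expect that unplugging a write blocker or plugging in an acquisition drive can trip it, which is why usbkill-style tooling is a reason to prefer a cold acquisition or a hardware mouse jiggler over touching the USB bus.

```python
"""USB kill-switch core loop (added example; not from usbkill or silk-guardian)."""
import os
import time
from typing import Callable, FrozenSet, Optional, Tuple

SYSFS_USB = "/sys/bus/usb/devices"  # real Linux sysfs path; absent on other OSes


def device_identity(dev_dir: str) -> str:
    """Identify a device as idVendor:idProduct:serial, falling back to its sysfs name.

    Interface entries such as 1-1:1.0 carry no idVendor file, so they keep their
    sysfs name; that name still changes when the parent device comes or goes.
    """
    attrs = []
    for name in ("idVendor", "idProduct", "serial"):
        try:
            with open(os.path.join(dev_dir, name), encoding="ascii", errors="replace") as fh:
                attrs.append(fh.read().strip())
        except OSError:
            attrs.append("")
    if attrs[0]:
        return ":".join(attrs)
    return os.path.basename(dev_dir)


def snapshot(root: str = SYSFS_USB) -> FrozenSet[str]:
    """Set of currently attached USB devices; empty where sysfs is not available."""
    try:
        names = os.listdir(root)
    except OSError:
        return frozenset()
    return frozenset(device_identity(os.path.join(root, n)) for n in names)


def diff(baseline: FrozenSet[str], current: FrozenSet[str]) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Return (added, removed) relative to the baseline snapshot."""
    return current - baseline, baseline - current


def tripped(baseline: FrozenSet[str], current: FrozenSet[str],
            whitelist: FrozenSet[str] = frozenset()) -> bool:
    """True when any device outside the whitelist was plugged in or pulled out."""
    added, removed = diff(baseline, current)
    return bool((added | removed) - whitelist)


def watch(on_change: Callable[[FrozenSet[str], FrozenSet[str]], None],
          snapshot_fn: Callable[[], FrozenSet[str]] = snapshot,
          whitelist: FrozenSet[str] = frozenset(),
          interval: float = 0.25,
          max_polls: Optional[int] = None) -> bool:
    """Poll until a non-whitelisted change is seen, then call on_change(added, removed) once.

    Returns True if the switch tripped, False if max_polls ran out first
    (max_polls=None polls forever, which is how a real kill switch runs).
    """
    baseline = snapshot_fn()
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(interval)
        polls += 1
        current = snapshot_fn()
        if tripped(baseline, current, whitelist):
            on_change(*diff(baseline, current))
            return True
    return False


if __name__ == "__main__":
    def report(added: FrozenSet[str], removed: FrozenSet[str]) -> None:
        # A real kill switch would wipe keys and power off here, for example
        # subprocess.run(["systemctl", "poweroff"]); this example only reports.
        print("USB change detected; added=%s removed=%s" % (sorted(added), sorted(removed)))

    print("baseline:", sorted(snapshot()))
    watch(report)
```

Two details worth noting when reading the real tools against this skeleton: identity by vendor:product:serial rather than by bus position means re-plugging the same stick into a different port is not a change, while a cloned device with a different serial is; and the whitelist only suppresses events for devices it names, so an attacker (or examiner) who swaps a whitelisted keyboard for a capture device still trips it.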
macOS
iOS
Linux
Contributing
The content is exported automatically; please open an issue for any problems.