Category Archives: Forensics

MozDef – Mozilla Enterprise Defense Platform

The Mozilla Enterprise Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

DumpsterDiver – Tool to Search Secrets in Various Files

DumpsterDiver is a tool used to analyze large volumes of files of various types in search of hardcoded secrets such as keys (e.g. AWS Access Keys, Azure Share Keys or SSH keys) or passwords.

DFIRtriage – Windows-based Incident Response Tool

DFIRtriage is a tool intended to provide incident responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency on Python on the target host.

Internet History Browser – Tool to Review Browsing History

Internet History Browser collects and displays internet browsing history in a comprehensive interface with a powerful filtering engine. You can trace and view all your (or someone else's) website visits, including the date, time and the browser used.

Threat_Note – Lightweight Investigation Notebook

Threat_Note is a web application built to allow security researchers to add and retrieve indicators related to their research.

Cyber Triage – Practical Endpoint Response

Cyber Triage is an incident response framework that investigates remote systems and endpoints by pushing a collection of tools over the network.

ProcDOT – Tool to Process Procmon and PCAP Logs

ProcDOT is a tool that processes Sysinternals Process Monitor (Procmon) logfiles and PCAP logs (Windump, Tcpdump) to generate a graph via the GraphViz suite.