Tools
Hash is designed to calculate a 32-bit CRC, a 128-bit MD5 hash, a 160-bit Secure Hash Algorithm (SHA1) hash, or a SHA2 (256-, 384- or 512-bit) hash of a file.
Tools
Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system logs from memory dumps of Linux systems. This enables you to analyse systems without needing to generate a profile.
This is not a replacement for tools such as Rekall and Volatility, which use a profile to perform a more structured analysis of memory.
Rip Raw works by taking a raw binary such as a memory dump and carving files and logs using:
- Text/binary boundaries
- File headers and file magic
- Log entries
Tools
Free tool for inspecting the contents of SQLite databases.
Tools
Browser History Viewer (BHV) is a forensic software tool for extracting and viewing internet history from the main desktop web browsers.
Tools
Browser History Capturer allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle or via a Remote Desktop connection to capture history from Chrome, Edge, Firefox and Internet Explorer web browsers.
Tools
BHE is a forensic software tool for capturing, analysing and reporting internet history from the main desktop web browsers.
Tools
Google Advanced Patent Search Engine
Norwegian Industrial Property Office
Swedish Patent and Registration Office
Taiwan Intellectual Property Office
World Intellectual Property Organization (WIPO)
State Intellectual Property Office (SIPO) of the People’s Republic of China
Canadian Intellectual Property Office
Danish Patent and Trademark Office
Finnish Patent and Registration Office
Directory of Intellectual Property Offices Worldwide
Tools
These remote lookups can add value to Unfurl, but they also come with risk (as Unfurl is sending out potentially-sensitive hashes to 3rd parties). To give the user control over this, Unfurl has a new remote_lookups setting. Users can change it (from the default, false) in the unfurl.ini file. There's also a command line option to allow lookups (-l or --lookups) from unfurl_cli.py. The CLI tool will fall back to the value specified in unfurl.ini if no command line option is set. Users need to set this option to enable any remote lookups (it's disabled by default). Shortlink resolution and MAC address vendor lookups are now also controlled by this option, as they are remote lookups as well.
Tools
Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications - with more to come! Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
Tools
This script is used only as an extension for X-Ways Forensics (32-bit). It calculates several different hashes for every marked file.
Tools
X-Ways extension that calculates the MD5 sum of the first 440 bytes of sector 0 and compares it with known-good values.