Most Popular
Mobius Forensic Toolkit updated to 0.4.7
Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools
Xplico Internet Traffic decoder version 0.5.2 available
The goal of Xplico is extract from an internet traffic capture the applications data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License (see License for more details).
[Updated] Stoned Bootkit released
Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".
Process Hacker v1.3.8.0 released
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!
Zero Wine (Malware Behavior Analysis) v0.0.2
Zero wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero wine just runs the malware using WINE in a safe virtual sandbox (in an isolated environment) collecting information about the APIs called by the program.
The output generated by wine (using the debug environment variable WINEDEBUG) are the API calls used by the malware (and the values used by it, of course). With this information, analyzing malware’s behavior turns out to be very easy.
Explorer Suite (PE analyzer) release III available
Explorer Suite is a freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.
Quttera v0.3.1.0.9 available
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc. Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
NetworkMiner v0.88 released
A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect OS’s, hostnames, open ports, sessions and extract files without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis
Quttera zero-day vulnerability exploits tool v0.3.1.0.0
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc.
Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
Process Hacker v1.3.7.1 released
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!
Process Hacker v1.3.6.5 available
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!
Process Hacker v1.3.6.1 released
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them!
CAINE (Computer Aided INvestigative Environment) 0.5 available
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user friendly graphical interface
- a semi-automated compilation of the final report
NetworkMiner V0.87 released
A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect OS’s, hostnames, open ports, sessions and extract files without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis
NetWitness Investigator Free edition v8.6 : the tactical network analyzer
Investigator provides security operations staff, auditors, and fraud and forensics investigators the power to perform unprecedented free-form contextual analysis of raw network data captured and reconstructed by the NetWitness NextGen infrastructure. Developed originally for the U.S. Intelligence Community, and now used extensively by Law Enforcement, Defense, and other public and private organizations, Investigator is based upon 10 years of development and deployment in some of the most demanding and complex threat environments.
MSN Shadow - MSN Forensics Tool - V0.3 released
MSN Shadow is a forensics tool developed to demonstrate several security proofs of concept in the MSN protocol.
Helix 2.0 released
Helix is a customized distribution of Ubuntu Linux. Helix is more than
just a bootable live CD. You can still boot into a customized Linux
environment that includes customized linux kernels, excellent hardware
detection and many applications dedicated to Incident Response and
Forensics.
oSpy v.1.9.6 the reverse-engineering software
oSpy is a tool which aids in reverse-engineering software running on the Windows platform. With the amount of proprietary systems that exist today (synchronization protocols, instant messaging, etc.), the amount of work required to keep up when developing interoperable solutions will quickly become a big burden when limited to traditional techniques
[Focus on] NetworkMiner the Network forensic analysis tool
A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect OS’s, hostnames, open ports, sessions and extract files without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis
MoocherHunter released: Hunt down Wireless Moochers in Real Time
MoocherHunterâ„¢ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers.
MoocherHunterâ„¢ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network