Tag Archives: Incident Handling

mXtract – Offensive Memory Extractor & Analyzer

mXtract is a tool that analyzes and dumps memory. It is developed and its purpose to scan memory for private keys, ips, and passwords using regexes

Kirjuri – Web application to Manage Forensic Evidence

Kirjuri is a digital forensic evidence item management system. It is a web application designed to help forensic teams manage, track and report devices delivered for forensic examination.

NTFS Log Tracker – Tool to Parse NTFS Logs

NTFS Log Tracker is a tool that can parse $LogFile, $UsnJrnl of NTFS.A input of this tool is sample file extracted by another tool like Encase, Winhex.

MIG – Real-time IR and Investigation Platform

Mozilla Investigator MIG is a platform to perform investigative surgery on remote endpoints.

Threat_Note – Lightweight Investigation Notebook

Threat_Note is a web application built to allow security researchers the ability to add and retrieve indicators related to their research.

ProcDOT – Tool to Process Procmon and PCAP Logs

ProcDOT is a tool that process Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite.

HashMyFiles – Calculate MD5/SHA1/CRC32 Files Hashes

HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.