hindsight
RELY
| hindsight | RELY | |
|---|---|---|
| 8 | 1 | |
| 1,020 | 2 | |
| - | - | |
| 6.1 | 0.0 | |
| about 15 hours ago | almost 3 years ago | |
| Python | Python | |
| Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hindsight
-
Saving cached telegram messages from Edge
I guess it would work like any Chromium cache so first make a backup of your data %AppData%\Local\Microsoft\Edge\User Data\Default\ and use https://github.com/obsidianforensics/hindsight Telegram is encrypted so I don't know how this is going to be readable.
- Browser Login Data Dates Earlier than Laptop Date
- Lost/Erased Monsters in Vault Recovered - Chrome - GiffyGlyph's Monster Maker
-
QQT Browser History in CS for Detections at LEAST !?!? WIP ;)
Invoke-WebRequest -Uri "https://github.com/obsidianforensics/hindsight/releases/download/v2021.12/hindsight.exe" -OutFile "C:\windows\Temp\ftech_temp\hindsight.exe"
-
Forensic Tools for Browser Data
Try hindsight https://github.com/obsidianforensics/hindsight. If it fails due to the file being damaged try sqlitebrowser https://sqlitebrowser.org/dl/. If all else fails strings it!
- Forensic script ideas?
-
Evidence/ artifact for clearing chrome history?
There is a tool called Hightsight which used to pull this data out. Article about using it here. Although the emphasis is on used to pull this out. I haven't used that technique in years and I suspect it might not work on modern Chrome.
-
Help reading Chrome History file from 2010
Hindsight (https://github.com/obsidianforensics/hindsight) should be able to parse every version of Chrome, including the early ones (2009/2010).
RELY
-
Made a nice OSCP enum tool
Thanks for the tip, I've already made a small triage tool for windows forensics as part of a school project https://github.com/yassirlaaouissi/RELY
What are some alternatives?
timesketch - Collaborative forensic timeline analysis
RecuperaBit - A tool for forensic file system reconstruction.
Sending your docker logs - Sending logs from docker containers to Logit.io
kobackupdec - Huawei backup decryptor
Logstash - Logstash - transport and process your logs, events, or other data
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
chrome_password_grabber - Get unencrypted 'Saved Password' from Google Chrome
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
woanware.github.io
TheHiveDocs - Documentation of TheHive
INDXRipper - Carve file metadata from NTFS index ($I30) attributes
hashlookup-forensic-analyser - Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/