plaso vs mvt

| | plaso | mvt |
|---|---|---|
| Mentions | 3 | 91 |
| Stars | 1,623 | 9,809 |
| Growth | 1.0% | 1.1% |
| Activity | 9.0 | 8.7 |
| Latest commit | 16 days ago | 8 days ago |
| Language | Python | Python |
| License | Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
plaso
- Custom DFIR
However, what you are trying to do has already been done. For collections, look at Velociraptor's offline collector: https://github.com/Velocidex/velociraptor. For processing, check out Log2Timeline (plaso): https://github.com/log2timeline/plaso.
- I feel like I'm putting the cart before the horse. Noob question.
I see other folks already mentioned it: think about trying to tell a story, rather than just, like, looking at all the events. (A tool like Plaso can help you timeline logs so you can see things chronologically, which can help in telling a story about what happened across many log sources.)
- Solving a child porn case (student environment)
My advice would be to go through a timeline to assert the activity before and after these files "appeared". This can be done in log2timeline/plaso; this script can parse the raw image (or E01 or whatever you have) and build a timeline, parse it and sort it. Also look for LNK files and shellbags to see if the files were opened, used, etc.
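The two posts above describe the core of what log2timeline/psort do: normalize events from many sources to one clock, sort them, then look at the window around the moment of interest. The block below is an added example written for this page, not plaso's code, and it uses three constructed inputs (a web server access log with a local UTC offset, Windows event records exported as UTC, and naive filesystem timestamps assumed to be UTC) to show why the normalization step matters before sorting. All function and field names are this example's own.

```python
"""Merge events from several sources into one chronological timeline.

Added example for this page, not plaso's own code. It mirrors the
log2timeline -> psort flow on constructed data: parse each source, convert
every timestamp to timezone-aware UTC, sort, then slice a window around a
pivot event ("what happened before and after the file appeared").
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# Constructed sample inputs (not from any real case). Three sources, three
# timestamp conventions: exactly the mess a timeline has to flatten.
ACCESS_LOG = """\
10.0.0.5 - - [14/Mar/2023:09:58:12 +0100] "GET /download/setup.exe HTTP/1.1" 200 51234
10.0.0.5 - - [14/Mar/2023:10:03:40 +0100] "GET /index.html HTTP/1.1" 200 812
garbage line that a parser must not choke on
"""
EVTX_EVENTS = [  # (UTC timestamp, event id, description)
    ("2023-03-14T08:55:00Z", 4624, "Logon: alice"),
    ("2023-03-14T09:04:22Z", 4688, r"Process created: C:\Users\alice\Downloads\setup.exe"),
]
FS_EVENTS = [  # (naive timestamp, timestamp kind, path)
    ("2023-03-14 08:59:55", "created", r"C:\Users\alice\Downloads\setup.exe"),
    ("2023-03-14 09:04:20", "accessed", r"C:\Users\alice\Downloads\setup.exe"),
]


@dataclass(frozen=True)
class Event:
    ts: datetime   # always timezone-aware UTC after parsing
    source: str
    message: str


APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_access_log(text):
    events = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue  # skip unparseable lines; a real tool would log them
        # The log carries a local offset (+0100); convert to UTC so it sorts
        # correctly against sources that are already in UTC.
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        events.append(Event(ts, "webserver", f"{m.group(1)} {m.group(3)} -> {m.group(4)}"))
    return events


def parse_evtx(records):
    return [Event(datetime.strptime(t, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
                  "evtx", f"EID {eid}: {desc}") for t, eid, desc in records]


def parse_fs(records):
    # These timestamps are naive; treating them as UTC is an assumption that
    # belongs in the report, because a wrong zone shifts the whole story.
    return [Event(datetime.strptime(t, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
                  "filesystem", f"{kind}: {path}") for t, kind, path in records]


def build_timeline():
    events = parse_access_log(ACCESS_LOG) + parse_evtx(EVTX_EVENTS) + parse_fs(FS_EVENTS)
    return sorted(events, key=lambda e: e.ts)  # stable: equal timestamps keep source order


def window(events, pivot, minutes):
    """Events within +/- minutes of a pivot timestamp."""
    lo, hi = pivot - timedelta(minutes=minutes), pivot + timedelta(minutes=minutes)
    return [e for e in events if lo <= e.ts <= hi]


def render(events):
    """One line per event, UTC ISO timestamp first, like a sorted CSV export."""
    return [f"{e.ts.strftime('%Y-%m-%dT%H:%M:%SZ')},{e.source},{e.message}" for e in events]


if __name__ == "__main__":
    tl = build_timeline()
    print("\n".join(render(tl)))
    pivot = next(e.ts for e in tl if e.message.startswith("created:"))
    print("\n--- +/- 3 min around file creation ---")
    print("\n".join(render(window(tl, pivot, 3))))
```

With real evidence the equivalent is roughly `log2timeline.py --storage-file timeline.plaso image.E01` followed by `psort.py -o l2tcsv -w timeline.csv timeline.plaso`; the point the example makes is that the web server's `+0100` download request lands before the file's creation only once both are on the same clock, and that a naive timezone assumption for filesystem timestamps should be written down rather than silently made.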
mvt
- Exploiting the iPhone 4
Amnesty International released Mobile Verification Toolkit to check your phone for malware, by checking encrypted backups on your computer. https://github.com/mvt-project/mvt
- Meduza co-founder's phone infected with Pegasus
From what I was able to read previously, it has no ability to spread by itself and has to be installed by a targeted attack. There is also a tool from Amnesty International that can detect it (or was able to): https://github.com/mvt-project/mvt
It is a race though, so past info may no longer be valid. However, I doubt it will ever be able to spread by itself, since it uses very expensive zero-days to infect and they will be quickly fixed after detection.
- NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild
Public Service Announcement:
Amnesty International has a program on GitHub with Citizen Lab for those keeping an eye out for additional protections:
https://github.com/mvt-project/mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- As recommended, I ask it here: how can I find out if my phone is being tapped, and what should I do if it is?
You can do a backup of your phone and analyze said backup using digital forensics to see if, for example, "automated software" will detect any of the more mainstream spyware/hacks. You can use Mobile Verification Toolkit (mvt) to do this, but it won't detect everything. It is, however, a good start: you can investigate the basic results with limited knowledge, and if something is detected you can escalate it to a digital forensics company, because it will very likely be beyond your qualifications to analyze by yourself. Hope this helps.
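The answer above is describing indicator matching: MVT's `mvt-ios check-backup --iocs <stix2 file> <backup dir>` walks the artifacts in a (decrypted) backup and compares domains, process names and similar values against STIX2 indicator files such as the ones Amnesty publishes. The block below is an added example for this page, not MVT's code, showing the shape of that check on a constructed STIX2 bundle and constructed backup records; every indicator value, URL and process name in it is made up for illustration (the `.invalid` TLD is reserved and never resolves). It also shows the edge case that makes naive substring matching wrong: a lookalike host that merely contains an indicator domain must not be reported.

```python
"""Match backup artifacts against STIX2 indicators.

Added example for this page, not MVT's own code. MVT does this kind of
matching, but the pattern parser, record shapes and names here are this
example's own constructions.
"""
import re
from urllib.parse import urlsplit

# Constructed STIX2 bundle (made-up values). One indicator uses an OR pattern,
# and one non-indicator object is present to show it is ignored.
IOC_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "name": "example C2 domains",
         "pattern": "[domain-name:value = 'update.bad-cdn.invalid'] OR "
                    "[domain-name:value = 'cdn-metrics.invalid']"},
        {"type": "indicator", "name": "example implant process",
         "pattern": "[process:name = 'example-implantd']"},
        {"type": "malware", "name": "not an indicator, must be skipped"},
    ],
}

# Constructed backup artifacts, shaped like a browser history export and a
# process list pulled from a backup. Not from any real device.
SAFARI_HISTORY = [
    {"url": "https://www.apple.com/", "visited": "2023-06-01T10:00:00Z"},
    {"url": "https://sub.update.bad-cdn.invalid/x?id=1", "visited": "2023-06-01T10:02:11Z"},
    # lookalike: contains an IOC domain as a prefix but is a different host
    {"url": "https://cdn-metrics.invalid.example.com/", "visited": "2023-06-01T10:03:00Z"},
]
PROCESSES = ["launchd", "example-implantd", "SpringBoard"]

# Minimal STIX pattern comparison: [object-type:field = 'value']
STIX_COMPARISON = re.compile(r"\[\s*([\w-]+):([\w.-]+)\s*=\s*'([^']*)'\s*\]")


def load_iocs(bundle):
    """Return {(object type, field): {value: indicator name}} from indicator patterns."""
    iocs = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        for otype, field, value in STIX_COMPARISON.findall(obj["pattern"]):
            iocs.setdefault((otype, field), {})[value.lower()] = obj.get("name", "")
    return iocs


def domain_matches(host, ioc_domain):
    """Exact host or a subdomain of the IOC; substring checks would flag lookalikes."""
    return host == ioc_domain or host.endswith("." + ioc_domain)


def check_history(history, iocs):
    hits = []
    domains = iocs.get(("domain-name", "value"), {})
    for rec in history:
        host = (urlsplit(rec["url"]).hostname or "").lower()
        for ioc, name in domains.items():
            if domain_matches(host, ioc):
                hits.append({"artifact": "safari_history", "ioc": ioc,
                             "indicator": name, "record": rec})
    return hits


def check_processes(procs, iocs):
    names = iocs.get(("process", "name"), {})
    return [{"artifact": "processes", "ioc": p.lower(), "indicator": names[p.lower()], "record": p}
            for p in procs if p.lower() in names]


def scan():
    """Run every artifact check and return the combined detections."""
    iocs = load_iocs(IOC_BUNDLE)
    return check_history(SAFARI_HISTORY, iocs) + check_processes(PROCESSES, iocs)


if __name__ == "__main__":
    for hit in scan():
        print(f"{hit['artifact']}: {hit['record']} matched {hit['ioc']} ({hit['indicator']})")
```

Two practitioner notes that follow from the answer's "it won't detect everything": a scan is only as good as the indicator file it was given, so fetch current IOCs before running it, and an encrypted iOS backup (decrypted with `mvt-ios decrypt-backup` before checking) exposes more artifacts than an unencrypted one, so that is the kind to make.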
- How do I download this on iPhone
- I don't know if I downloaded malware
I was extremely paranoid I got a virus a few months ago and I think I may have downloaded something. It's been more than half a year and I just remembered that I tried to download something from here, https://github.com/mvt-project/mvt. I don't know if I was even successful. I am on fully updated iOS and can't find anything in Files, so I don't think I had it for very long and probably deleted it after a while.
- iOS 16.5.1 TriangleDB spyware
- Can anyone hack my phone via sending a WhatsApp Photo? How to know it?
If you wanna check your phone, maybe try using this: https://github.com/mvt-project/mvt
- Disabling Apple from Spying on You
- Extent of getting hacked for iPhone vs Android
If Android, this is available: https://github.com/mvt-project/mvt
What are some alternatives?
IPED - IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
hardened_malloc - Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.