Top 23 Python Forensic Projects
- mvt
  MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
- prowler
  Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
  Prowler and ScoutSuite are a good start for cloud stuff.
- oletools
  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
  Project mention: How can I find a hidden flag inside a Microsoft word document? | reddit.com/r/HowToHack | 2022-12-24
  oletools might help - https://github.com/decalage2/oletools
- timesketch
  Want to put those processed plaso files in an Elasticsearch instance? Check out Timesketch - https://github.com/google/timesketch.
- volatility3
  Project mention: Volatility 3 2.4.1 - New Linux and Windows plugins | reddit.com/r/blueteamsec | 2023-04-22
- plaso
  However, what you are trying to do has already been done. For collections, look at Velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing, check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.
- andriller
  Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.
  Project mention: Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. | reddit.com/r/CKsTechNews | 2022-06-20
- Digital-Forensics-Guide
  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
- hindsight
  I guess it would work like any Chromium cache, so first make a backup of your data (%AppData%\Local\Microsoft\Edge\User Data\Default\) and use https://github.com/obsidianforensics/hindsight. Telegram is encrypted, so I don't know how this is going to be readable.
- RecoverPy
  Interactively find and recover deleted or overwritten files from your terminal.
  Project mention: RecoverPy 2.0.5: Recover deleted or overwritten files from your terminal | reddit.com/r/coolgithubprojects | 2023-04-01
- turbinia
  You want Turbinia and DFTimewolf. Literally the tools built by the DF team at Google (the same team that makes L2T), purpose-built to do exactly what you're asking.
- RecuperaBit
  Project mention: please help, need disk recovery software free or cheap | reddit.com/r/homelab | 2023-03-10
  RecuperaBit (if you don't mind CLI)
- WhatsApp-Key-Database-Extractor
  The most advanced and complete solution for extracting WhatsApp key/DB from package directory (/data/data/com.whatsapp) without root access.
  Project mention: Open source chat app with plain text chat logs | reddit.com/r/androidapps | 2023-05-07
  I've used "WHAGODRI" from https://github.com/B16f00t/whapa to download my backup from Google Drive. However, the message database (msgstore.db.crypt15) requires a key file to decrypt. My phone is not rooted, so I am unable to access the decryption key. I have tried https://github.com/YuvrajRaghuvanshiS/WhatsApp-Key-Database-Extractor but I did not succeed in retrieving the key.
- varc
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
  Project mention: GitHub - cado-security/varc: Volatile Artifact Collector -- Open Source Tool to Collect Volatile Data for Incident Response | reddit.com/r/bag_o_news | 2022-11-16
- vss_carver
  Project mention: vss_carver: Carves and recreates VSS catalog and store from Windows disk image - VSS being Volume Shadow Copy which gets deleted by some Ransomware crews before deployment | reddit.com/r/blueteamsec | 2023-04-30
Python Forensics related posts
- Saving cached telegram messages from Edge
- Volatility 3 2.4.1 - New Linux and Windows plugins
- Disabling Apple from Spying on You
- Using volatility 3 to retrieve clipboard contents
- Extent of getting hacked for iPhone vs Android
- please help, need disk recovery software free or cheap
- Although it cannot monitor their private lives, the state would still like to look into teachers' laptops
www.onlyoffice.com | 1 Jun 2023
Index
What are some of the best open-source Forensic projects in Python? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | mvt | 8,610 |
| 2 | prowler | 8,167 |
| 3 | oletools | 2,443 |
| 4 | timesketch | 2,213 |
| 5 | volatility3 | 1,553 |
| 6 | plaso | 1,453 |
| 7 | andriller | 1,113 |
| 8 | Digital-Forensics-Guide | 923 |
| 9 | hindsight | 884 |
| 10 | RecoverPy | 764 |
| 11 | turbinia | 638 |
| 12 | mac_apt | 614 |
| 13 | python-evtx | 609 |
| 14 | docker-explorer | 477 |
| 15 | MalConfScan | 450 |
| 16 | RecuperaBit | 431 |
| 17 | WhatsApp-Key-Database-Extractor | 322 |
| 18 | WhatsDump | 257 |
| 19 | varc | 173 |
| 20 | MR | 122 |
| 21 | autotimeliner | 115 |
| 22 | vss_carver | 92 |
| 23 | nsa-codebreaker-2020 | 71 |