Python Forensics

Open-source Python projects categorized as Forensics

Top 23 Python Forensic Projects

  • mvt

    MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

    Project mention: Disabling Apple from Spying on You | reddit.com/r/privacy | 2023-04-08

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

    Project mention: Azure and M365 Secure Config Review | reddit.com/r/Pentesting | 2023-05-31

    Prowler and ScoutSuite are a good start for cloud stuff.

  • oletools

    oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

    Project mention: How can I find a hidden flag inside a Microsoft word document? | reddit.com/r/HowToHack | 2022-12-24

    oletools might help - https://github.com/decalage2/oletools

  • timesketch

    Collaborative forensic timeline analysis

    Project mention: Custom DFIR | reddit.com/r/computerforensics | 2023-02-09

    Want to put those processed plaso files in an Elasticsearch instance? Check out Timesketch - https://github.com/google/timesketch.

  • volatility3

    Volatility 3.0 development

    Project mention: Volatility 3 2.4.1 - New Linux and Windows plugins | reddit.com/r/blueteamsec | 2023-04-22

  • plaso

    Super timeline all the things

    Project mention: Custom DFIR | reddit.com/r/computerforensics | 2023-02-09

    However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.

  • andriller

    📱 Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.

    Project mention: Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. | reddit.com/r/CKsTechNews | 2022-06-20

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

    Project mention: Digital Forensics Guide | reddit.com/r/ReverseEngineering | 2022-10-17

  • hindsight

    Web browser forensics for Google Chrome/Chromium

    Project mention: Saving cached telegram messages from Edge | reddit.com/r/DataHoarder | 2023-04-29

    I guess it would work like any Chromium cache, so first make a backup of your data at %AppData%\Local\Microsoft\Edge\User Data\Default\ and use https://github.com/obsidianforensics/hindsight. Telegram is encrypted so I don't know how this is going to be readable.

  • RecoverPy

    Interactively find and recover deleted or overwritten files from your terminal

    Project mention: RecoverPy 2.0.5: Recover deleted or overwritten files from your terminal | reddit.com/r/coolgithubprojects | 2023-04-01

  • turbinia

    Automation and Scaling of Digital Forensics Tools

    Project mention: Log2Timeline -> Timesketch | reddit.com/r/computerforensics | 2023-05-16

    You want Turbinia and DFTimewolf. Literally the tools built by the DF team at Google (the same team that makes L2T) purpose-built to do exactly what you're asking.

  • mac_apt

    macOS (& iOS) Artifact Parsing Tool

  • python-evtx

    Pure Python parser for recent Windows Event Log files (.evtx)

  • docker-explorer

    A tool to help forensicate offline docker acquisitions

  • MalConfScan

    Volatility plugin that extracts configuration data from known malware families

  • RecuperaBit

    A tool for forensic file system reconstruction.

    Project mention: please help, need disk recovery software free or cheap | reddit.com/r/homelab | 2023-03-10

    RecuperaBit (If you don't mind CLI)

  • WhatsApp-Key-Database-Extractor

    The most advanced and complete solution for extracting WhatsApp key/DB from package directory (/data/data/com.whatsapp) without root access.

    Project mention: Open source chat app with plain text chat logs | reddit.com/r/androidapps | 2023-05-07

    I've used "WHAGODRI" from https://github.com/B16f00t/whapa to download my backup from Google Drive. However, the message database (msgstore.db.crypt15) requires a key file to decrypt. My phone is not rooted, so I am unable to access the decryption key. I have tried https://github.com/YuvrajRaghuvanshiS/WhatsApp-Key-Database-Extractor but I did not succeed in retrieving the key.

  • WhatsDump

    Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)

  • varc

    Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

    Project mention: GitHub - cado-security/varc: Volatile Artifact Collector -- Open Source Tool to Collect Volatile Data for Incident Response | reddit.com/r/bag_o_news | 2022-11-16

  • MR

    Mobile Revelator

  • autotimeliner

    Automagically extract forensic timeline from volatile memory dump

  • vss_carver

    Carves and recreates VSS catalog and store from Windows disk image.

    Project mention: vss_carver: Carves and recreates VSS catalog and store from Windows disk image - VSS being Volume Shadow Copy which gets deleted by some Ransomware crews before deployment | reddit.com/r/blueteamsec | 2023-04-30

  • nsa-codebreaker-2020

    My solutions to the 2020 NSA Codebreaker Challenge

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-31.

Index

What are some of the best open-source Forensic projects in Python? This list will help you:

Rank Project Stars
1 mvt 8,610
2 prowler 8,167
3 oletools 2,443
4 timesketch 2,213
5 volatility3 1,553
6 plaso 1,453
7 andriller 1,113
8 Digital-Forensics-Guide 923
9 hindsight 884
10 RecoverPy 764
11 turbinia 638
12 mac_apt 614
13 python-evtx 609
14 docker-explorer 477
15 MalConfScan 450
16 RecuperaBit 431
17 WhatsApp-Key-Database-Extractor 322
18 WhatsDump 257
19 varc 173
20 MR 122
21 autotimeliner 115
22 vss_carver 92
23 nsa-codebreaker-2020 71