Search Results for "ikena forensic software"

Plaso (Plaso Langar Að Safna Öllu), or "super timeline all the things," is a Python-based engine designed for automatic creation of timelines in digital forensic investigations. It processes various log files and artifacts to generate a chronological sequence of events, aiding analysts in understanding system activities.​

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. This is a major framework update to Dshell. Plugins written for the previous version are not compatible with this version, and vice versa. By extension, dpkt and pypcap have been replaced with Python3-friendly pypacker and pcapy (respectively). Enables development of external plugin packs, allowing the sharing and installation of new,...

claude-code-transcripts is a command-line utility that takes session files exported from Claude Code (in JSON or JSONL format) and turns them into clean, navigable HTML transcripts that can be viewed in any modern web browser. It is designed to make the often dense and verbose outputs from AI coding sessions easier to read, share, and archive by breaking conversations into paginated, annotated pages with navigable timelines of prompts and responses. Users can run this tool locally or fetch...

...It also incorporates techniques to avoid forensic analysis, such as self-deletion and cleaning traces after execution. The generated executables are optimized to be small and efficient, improving their ability to bypass security controls.

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or...

pyringe is a powerful Python process “syringe” that attaches to a running interpreter and lets you introspect—and even execute code inside—that live process. It blends debugger-style attachment (via gdb/ptrace techniques) with Python-aware helpers so you can inspect threads, frames, locals, and heap objects without restarting the target. This is invaluable for post-mortem diagnosis of production daemons where reproducing a bug in a dev shell is impractical. pyringe can inject arbitrary...