Search Results for "forensic linux"

Plaso (Plaso Langar Að Safna Öllu), or "super timeline all the things," is a Python-based engine designed for automatic creation of timelines in digital forensic investigations. It processes various log files and artifacts to generate a chronological sequence of events, aiding analysts in understanding system activities.​

claude-code-transcripts is a command-line utility that takes session files exported from Claude Code (in JSON or JSONL format) and turns them into clean, navigable HTML transcripts that can be viewed in any modern web browser. It is designed to make the often dense and verbose outputs from AI coding sessions easier to read, share, and archive by breaking conversations into paginated, annotated pages with navigable timelines of prompts and responses. Users can run this tool locally or fetch...

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. This is a major framework update to Dshell. Plugins written for the previous version are not compatible with this version, and vice versa. By extension, dpkt and pypcap have been replaced with Python3-friendly pypacker and pcapy (respectively). Enables development of external plugin packs, allowing the sharing and installation of new,...

Dr0p1t-Framework is a penetration testing tool designed to generate advanced and stealthy droppers capable of delivering and executing payloads on target systems while evading detection mechanisms. A dropper is a type of malware used to download and install additional malicious software, and this framework focuses on making that process more flexible and difficult to detect. It provides a wide range of modules that allow users to customize payload delivery, persistence mechanisms, and...

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or...

pyringe is a powerful Python process “syringe” that attaches to a running interpreter and lets you introspect—and even execute code inside—that live process. It blends debugger-style attachment (via gdb/ptrace techniques) with Python-aware helpers so you can inspect threads, frames, locals, and heap objects without restarting the target. This is invaluable for post-mortem diagnosis of production daemons where reproducing a bug in a dev shell is impractical. pyringe can inject arbitrary...