#PowerForensics My personal project, now available to the #DFIR community. RT if you like it 👍 dfirspain.es/2026/03/powerfo…

Introducing PowerForensics, a #DFIR ecosystem born of a real need: collecting evidence without external dependencies, a whole suite for structuring investigations: PowerTriage, Forge, Chronos, Nexus @DFIRDiva @AndreaFortuna @cyb3rops #DFIR 🔗 powerforensics.es
20 Mar 2024
PowerForensics PowerShell Digital Forensics by @jaredcatkinson github.com/Invoke-IR/PowerFo… PowerForensics documentation : powerforensics.readthedocs.i… #DFIR

17 Feb 2024
- Ghost Recon: An OSINT framework updated weekly, with which you can search on precise targets, with a lot of features like person search, criminal search, or social media scanning with email/phone, and IP changer. github.com/DR34M-M4K3R/Ghost…
- Collector: Collector is a tool for OSINT (open source intelligence). github.com/galihap76/collect…
- Twayback: Automate downloading archived deleted Tweets. github.com/Mennaruuk/twaybac…
- Opensquat: Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting. github.com/atenreiro/opensqu…
- Telegram Trilateration: Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location. github.com/jkctech/Telegram-…
- Telegram Nearby Map: Discover the location of nearby Telegram users 📡🌍 github.com/tejado/telegram-n…
- Holehe: allows you to check if the mail is used on different sites like Twitter, Instagram and will retrieve information on sites with the forgotten password function. github.com/megadose/holehe
- Holehe Maltego Transform: github.com/megadose/holehe-m…
- Terra: OSINT Tool on Twitter and Instagram. github.com/xadhrit/terra
- Prosint: ProtOSINT is a Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses. github.com/pixelbubble/ProtO…
- Toolkit: A toolkit for the post-mortem examination of Docker containers from forensic HDD copies. github.com/docker-forensics-…
- iOS Frequent Locations Dumper: Dump the iOS Frequent Location binary plist files. github.com/mac4n6/iOS-Freque…
- Whapa: Whapa is a set of graphical forensic tools to analyze WhatsApp from Android and soon iOS devices. All the tools have been written in Python 3.8 and have been tested on Linux, Windows and macOS systems. github.com/B16f00t/whapa
- Kupa3: Tracking the trackers. Draw connections between scripts and domains on website. github.com/woj-ciech/kupa3
- Abuse Insight: To extract the usernames attempted by a compromised host. This information is obtained from Abuse IP DB, reports' comments. github.com/west-wind/abuse-i…
- Octosuite: Advanced Github OSINT Framework. github.com/rly0nheart/octosu…
- Kamerka Gui: Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. github.com/woj-ciech/Kamerka…
- Social Path: Track users across social media platform. github.com/woj-ciech/SocialP…
- Osint stuff tool collection: A collection of several hundred online tools for OSINT. github.com/cipher387/osint_s…
- Teler: Real-time HTTP Intrusion Detection. github.com/kitabisa/teler
- ArreStats: A Search Tool created to explore the FBI's NJ arrest file. Created For Hack Jersey 2.0. github.com/CarlaAstudillo/Ar…
- OSINT JUMP: This virtual machine image is intended for open source offensive reconnaissance. The iso image of the kali linux NetInstall operating system is taken as a basis. Other required packages were installed manually. The image includes the following packages. github.com/delikely/OSINT-JU…
- Infoga: Infoga - Collection of information by e-mail. github.com/m4ll0k/Infoga
- Crime data explorer: Chief report of the FBI crime data explorer project. github.com/18F/crime-data-ex…
- PDFMtEd: Pdfmted (PDF Metadata Editor) is a set of tools designed to simplify work with pdf metadata on Linux. The utilities hosted in this repository are graphic interfaces for the wonderful exiftool of Phil Harvey. github.com/glutanimate/PDFMt…
- Audio metadata: Extract Metadata from several audio containers. github.com/tmont/audio-metad…
- Gasmask: Information gathering tool - OSINT. github.com/twelvesec/gasmask
- Check if email exists: Check if there is an e-mail address without sending any email. Use Telnet. github.com/amaurymartiny/che…
- App Metadata: Provides Metadata extraction for iOS, Android and Windows packages. github.com/Microsoft/app-met…
- ANDROPHSY: An Open-Source Mobile Forensic Research Tool for android platform. github.com/scorelab/ANDROPHS…
- RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. github.com/BSI-Bund/RdpCache…
- Androidqf: Androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise. github.com/botherder/android…
- IPED: IPED is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. github.com/sepinf-inc/IPED
- Turbinia: Automation and automation of digital forensic tools. github.com/google/turbinia
- Chrome Extractor: Script that will extract all the passwords stored from your Google Chrome Database and will keep them in Chrome.txt. github.com/D4Vinci/Chrome-Ex…
- Firefox Decrypt: Firefox decrypt is a tool to extract passwords from Mozilla Profiles (Firefox / Thunderbird / Seabird). github.com/unode/firefox_dec…
- Ip Geolocation: Recover information from ip geolocation. github.com/maldevel/IPGeoLoc…
- Cameradar: Cameradar hacks its way into RTSP videosurveillance cameras. github.com/Ullaakut/camerada…
- Power Forensic: Powerforensics is a framework for forensic analysis of live records. github.com/Invoke-IR/PowerFo…
- Face Recognition: The World's simplest facial recognition api for python and the command line. github.com/ageitgey/face_rec…
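It looks like something like a souped-up version of PowerForensics has come out. Feed it evidence and it parses all sorts of artifacts in one go, and with Python you can also manipulate the data flexibly. I really want to try it! github.com/fox-it/dissect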

PowerForensics - PowerShell Digital Forensics powerforensics.readthedocs.i…
In order to bring a chair into being, one must understand it more deeply than simply being able to list its features. I found this to be true in writing PowerForensics. The act of building an MFT parser gave me a more intimate understanding of the form than a simple feature list.
Wait till you see powerforensics from @jaredcatkinson! powerforensics.readthedocs.i…

DFIR Twitter, what Python or PowerShell tools (other than PowerForensics) do y'all like to use?
20 Feb 2022
Whenever we enter a new command on PowerShell, a modification is made to the "ConsoleHost_history.txt" file, and this modification is recorded on USN Journal. I put together a mini PowerShell script on top of the PowerForensics tools.
Replying to @tazwake
Did you try with PowerForensics? github.com/Invoke-IR/PowerFo…

Imagine Kansa, but on top of JEA, and with PowerForensics built-in 🙂
I love that your example is about array misuse. That was the example that caused me to look into profiling my C# code for PowerForensics. @Lee_Holmes might remember that!
9 Jun 2020
Feels like a solvable problem. For defence it "just" needs an automated attacker then you can go to a box the same as HTB. For IR - spin up a compromised host and let people use remote response tools (KAPE, Cylr, PowerForensics etc) to gather data/flags.
PowerForensics - PowerShell Digital Forensics by @jaredcatkinson github.com/Invoke-IR/PowerFo… PowerForensics documentation : powerforensics.readthedocs.i… #DFIR

PowerForensics is a framework for live disk forensic analysis github.com/Invoke-IR/PowerFo… The world's simplest facial recognition API for Python and the command line github.com/ageitgey/face_rec…

Thanks to @jadeeyedlady for posting about PowerForensics! I will definitely have to look into this! powerforensics.readthedocs.i… #DFIR #infosec #CyberSecurity #PowerShell

19 Jul 2018
"Ransomware IR with PowerForensics and the USN Journal" redblue.team/2016/11/ransomw… #security #feedly

PowerShell Digital Forensics: PowerForensics n0where.net/powershell-digit…
