forensics▌

Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.

Collect, parse, and correlate system, application, and security logs to reconstruct events and establish timelines during forensic investigations.

Identify, collect, and analyze ransomware attack artifacts to determine the variant, initial access vector, encryption scope, and recovery options.

Conduct forensic investigations in cloud environments by collecting and analyzing logs, snapshots, and metadata from AWS, Azure, and GCP services.

Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.

Comprehensive techniques for acquiring, analyzing, and extracting artifacts from memory dumps for incident response and malware analysis.

Comprehensive digital forensics and signal analysis toolkit for CTF challenges across disk, memory, network, and steganography domains. \n \n Covers 15+ forensics categories: disk/memory imaging (Volatility, VM forensics, coredumps), Windows registry/event logs/SAM, Linux logs/Docker, network analysis (PCAP, TLS decryption, SMB, NTLMv2), and browser artifact extraction \n Includes advanced steganography techniques: image LSB/bitplane extraction, PDF multi-layer stego, audio DTMF/FFT/SSTV, SVG ke

Acquire, analyze, and extract artifacts from memory dumps for incident response and malware analysis. \n \n Supports live memory acquisition across Windows (WinPmem, DumpIt), Linux (LiME, /dev/mem), and macOS (osxpmem), plus virtual machine memory from VMware, VirtualBox, QEMU, and Hyper-V \n Volatility 3 framework with 30+ plugins covering process analysis, network connections, DLL inspection, code injection detection, registry analysis, and file system artifacts \n Includes malware analysis an