@@ -83,7 +83,7 @@ const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'P
{hasValidProjectUrl ? (
-
+
Software-Homepage
@@ -93,7 +93,7 @@ const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'P
) : (
-
+
Software-Homepage
)}
diff --git a/src/components/ToolMatrix.astro b/src/components/ToolMatrix.astro
index 60931d9..5a84ae5 100644
--- a/src/components/ToolMatrix.astro
+++ b/src/components/ToolMatrix.astro
@@ -250,12 +250,12 @@ domains.forEach((domain: any) => {
const phasesText = tool.phases.join(', ');
metadataContainer.innerHTML = `
-
Platforms: ${tool.platforms.join(', ')}
+
Betriebssystem: ${tool.platforms.join(', ')}
Skill Level: ${tool.skillLevel}
-
License: ${tool.license}
-
Access Type: ${tool.accessType}
-
Domains: ${domainsText}
-
Phases: ${phasesText}
+
Lizenzmodell: ${tool.license}
+
Deployment: ${tool.accessType}
+
Einsatzgebiete: ${domainsText}
+
Ermittlungsphasen: ${phasesText}
`;
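Review bot: The relabelled template at the top of this hunk still drops `tool.platforms`, `tool.skillLevel`, `tool.license`, `tool.accessType`, `domainsText` and `phasesText` straight into `metadataContainer.innerHTML` with no escaping; today these values come from the project's own `tools.yaml`, so the exposure is limited to what lands in that file, but free-text fields such as `license: GPL-3.0 / Commercial` are exactly where a stray `<` or `&` would be parsed as markup rather than shown. A small helper, `const esc = (s: string) => s.replace(/[&<>"']/g, (c) => \`&#${c.charCodeAt(0)};\`);`, applied to each interpolation (or building the rows with `textContent`) would make the rendering independent of how the YAML is curated. As a point of style, `Skill Level:` and `Deployment:` stay English while the neighbouring labels were switched to German (`Betriebssystem`, `Lizenzmodell`, `Einsatzgebiete`, `Ermittlungsphasen`), so the card now mixes languages; if the remaining labels are intentionally English a short comment above the template saying so would save the next reader the question. The enclosing `forEach` callback starts outside the hunk.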
diff --git a/src/data/tools.yaml b/src/data/tools.yaml
index eb162ac..97ff797 100644
--- a/src/data/tools.yaml
+++ b/src/data/tools.yaml
@@ -1,512 +1,790 @@
-# DFIR Tools Database
-# Each tool can appear in multiple domains and phases
-# Self-hosted services have isHosted: true and statusUrl for monitoring
-
tools:
- - name: "Autopsy"
- description: "Open-Source digitale Forensik-Plattform mit grafischer Benutzeroberfläche für Festplatten- und Dateisystemanalyse"
- domains:
- - "storage-file-system"
- - "application-code"
- phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows", "Linux", "macOS"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://www.autopsy.com/"
- projectUrl: ""
- license: "Apache 2.0"
- tags: ["disk", "recovery", "timeline", "opensource"]
-
- - name: "Volatility 3"
- description: "Fortgeschrittenes Memory-Forensik-Framework für Incident Response und Malware-Analyse mit Plugin-Architektur"
+ # Disk & File System Analysis Tools
+ - name: Autopsy
+ description: >-
+ Open-Source digitale Forensik-Plattform mit grafischer Benutzeroberfläche
+ für Festplatten- und Dateisystemanalyse. Besonders geeignet für die
+ Analyse-Phase mit umfangreichen Carving- und Timeline-Funktionen.
domains:
- - "memory-runtime"
+ - incident-response
+ - law-enforcement
+ - malware-analysis
phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows", "Linux", "macOS"]
- skillLevel: "advanced"
- accessType: "download"
- url: "https://www.volatilityfoundation.org/"
- projectUrl: ""
- license: "VSL"
- tags: ["memory", "malware", "runtime", "plugins"]
+ - data-collection
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: intermediate
+ accessType: download
+ url: https://www.autopsy.com/
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - disk-imaging
+ - file-carving
+ - timeline-analysis
+ - registry-analysis
+ - windows-artifacts
+ - linux-artifacts
+ - hash-verification
+ - dead-box-forensics
+ - plugin-architecture
+ - csv-export
- - name: "TheHive"
- description: "Kollaborative Security-Incident-Response-Plattform für SOCs, CERTs und Sicherheitsteams mit Case-Management"
+ # Memory Analysis Tools
+ - name: Volatility 3
+ description: >-
+ Fortgeschrittenes Memory-Forensik-Framework für Incident Response und
+ Malware-Analyse mit Plugin-Architektur. Hauptsächlich für die
+ Auswertungs- und Analysephase von RAM-Dumps geeignet.
domains:
- - "storage-file-system"
- - "network-communication"
- - "application-code"
+ - incident-response
+ - malware-analysis
+ - law-enforcement
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "self-hosted"
- url: "https://strangebee.com/"
- projectUrl: ""
- license: "AGPL-3.0"
- tags: ["incident-response", "case-management", "collaboration", "workflow"]
- statusUrl: "https://uptime.example.lab/api/badge/1/status"
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: advanced
+ accessType: download
+ url: https://www.volatilityfoundation.org/
+ projectUrl: ''
+ license: VSL
+ tags:
+ - memory-analysis
+ - malware-detection
+ - process-analysis
+ - plugin-architecture
+ - python-scripting
+ - windows-artifacts
+ - linux-artifacts
+ - live-forensics
+ - dead-box-forensics
+ - json-export
- - name: "MISP"
- description: "Threat-Intelligence-Plattform für strukturierten Austausch von Indicators of Compromise (IoCs) und Bedrohungsinformationen"
+ # Incident Response Platforms
+ - name: TheHive 5
+ description: >-
+ Kollaborative Security-Incident-Response-Plattform für SOCs, CERTs und
+ Sicherheitsteams mit Case-Management. Ideal für alle Phasen einer
+ Untersuchung, besonders für Koordination und Berichterstattung.
domains:
- - "network-communication"
- - "application-code"
+ - incident-response
+ - law-enforcement
+ - fraud-investigation
phases:
- - "data-collection"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "self-hosted"
- url: "https://misp-project.org/"
- projectUrl: "https://misp.cc24.dev"
- license: "AGPL-3.0"
- tags: ["threat-intelligence", "ioc", "sharing", "automation"]
- statusUrl: "https://status.mikoshi.de/api/badge/34/status"
+ - data-collection
+ - examination
+ - analysis
+ - reporting
+ - collaboration
+ platforms:
+ - Web
+ skillLevel: intermediate
+ accessType: self-hosted
+ url: https://strangebee.com/
+ projectUrl: ''
+ license: Community Edition (Free) / Commercial
+ tags:
+ - case-management
+ - team-collaboration
+ - api-available
+ - automation
+ - misp-integration
+ - alert-management
+ - multi-tenancy
+ - workflow-automation
+ - json-export
+ - reporting-tools
+ statusUrl: https://uptime.example.lab/api/badge/1/status
- - name: "Timesketch"
- description: "Kollaborative forensische Timeline-Analyse-Plattform für chronologische Ereigniskorrelation und -visualisierung"
+ - name: MISP
+ description: >-
+ Threat-Intelligence-Plattform für strukturierten Austausch von IoCs.
+ Primär für Datensammlung und -anreicherung, unterstützt aber auch
+ Analyse durch Korrelation von Bedrohungsdaten.
domains:
- - "storage-file-system"
- - "network-communication"
+ - incident-response
+ - malware-analysis
+ - network-forensics
phases:
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "self-hosted"
- url: "https://timesketch.org/"
- projectUrl: "https://timesketch.cc24.dev"
- license: "Apache 2.0"
- tags: ["timeline", "visualization", "collaboration", "correlation"]
- statusUrl: "https://uptime.example.lab/api/badge/3/status"
+ - data-collection
+ - examination
+ - analysis
+ - collaboration
+ platforms:
+ - Web
+ skillLevel: intermediate
+ accessType: self-hosted
+ url: https://misp-project.org/
+ projectUrl: https://misp.cc24.dev
+ license: AGPL-3.0
+ tags:
+ - threat-intelligence
+ - ioc-sharing
+ - api-available
+ - automation
+ - correlation-engine
+ - taxonomy-support
+ - feed-integration
+ - json-export
+ - stix-support
+ statusUrl: https://status.mikoshi.de/api/badge/34/status
- - name: "Wireshark"
- description: "Netzwerk-Protokoll-Analyzer für Paketaufzeichnung und -analyse mit umfangreichen Dekodierungsfähigkeiten"
+ - name: Timesketch
+ description: >-
+ Kollaborative forensische Timeline-Analyse-Plattform. Hauptsächlich
+ für die Analysephase konzipiert, unterstützt chronologische
+ Ereigniskorrelation aus verschiedenen Quellen.
domains:
- - "network-communication"
+ - incident-response
+ - law-enforcement
+ - fraud-investigation
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows", "Linux", "macOS"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://www.wireshark.org/"
- projectUrl: ""
- license: "GPL-2.0"
- tags: ["network", "pcap", "protocol", "realtime"]
+ - analysis
+ - reporting
+ platforms:
+ - Web
+ skillLevel: intermediate
+ accessType: self-hosted
+ url: https://timesketch.org/
+ projectUrl: https://timesketch.cc24.dev
+ license: Apache 2.0
+ tags:
+ - timeline-analysis
+ - data-visualization
+ - plaso-integration
+ - collaborative-analysis
+ - search-capabilities
+ - event-correlation
+ - csv-import
+ - api-available
+ statusUrl: https://uptime.example.lab/api/badge/3/status
- - name: "EnCase"
- description: "Kommerzielle digitale Ermittlungsplattform mit gerichtlich anerkannten Forensik-Funktionen und umfassender Berichterstattung"
+ # Network Analysis Tools
+ - name: Wireshark
+ description: >-
+ Netzwerk-Protokoll-Analyzer für Paketaufzeichnung und -analyse.
+ Primär für Datensammlung und Auswertung von Netzwerkverkehr,
+ unterstützt über 2000 Protokolle.
domains:
- - "storage-file-system"
- - "memory-runtime"
+ - network-forensics
+ - incident-response
+ - malware-analysis
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Windows"]
- skillLevel: "advanced"
- accessType: "commercial"
- url: "https://www.opentext.com/products/encase-forensic"
- projectUrl: ""
- license: "Proprietary"
- tags: ["commercial", "enterprise", "court-approved", "comprehensive"]
-
- - name: "Cuckoo Sandbox"
- description: "Automatisiertes Malware-Analysesystem mit virtualisierter Umgebung für dynamische Verhaltensanalyse"
+ - data-collection
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: intermediate
+ accessType: download
+ url: https://www.wireshark.org/
+ projectUrl: ''
+ license: GPL-2.0
+ tags:
+ - packet-capture
+ - protocol-analysis
+ - live-capture
+ - pcap-analysis
+ - filter-capabilities
+ - statistics-generation
+ - export-formats
+ - plugin-support
+ - tls-decryption
+
+ # Commercial Tools (Well-known)
+ - name: Magnet AXIOM
+ description: >-
+ Umfassende digitale Forensik-Plattform für Computer und Mobilgeräte.
+ Deckt alle Phasen ab mit besonderem Fokus auf automatisierte
+ Artefakt-Erkennung und Cloud-Forensik.
domains:
- - "application-code"
- - "network-communication"
+ - law-enforcement
+ - incident-response
+ - mobile-forensics
+ - cloud-forensics
phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Linux"]
- skillLevel: "advanced"
- accessType: "self-hosted"
- url: "https://cuckoosandbox.org/"
- projectUrl: ""
- license: "GPL-3.0"
- tags: ["malware", "sandbox", "dynamic-Analyse", "automation"]
- statusUrl: ""
+ - data-collection
+ - examination
+ - analysis
+ - reporting
+ platforms:
+ - Windows
+ skillLevel: intermediate
+ accessType: commercial
+ url: https://www.magnetforensics.com/products/magnet-axiom/
+ projectUrl: ''
+ license: Proprietary
+ tags:
+ - mobile-forensics
+ - cloud-acquisition
+ - artifact-recovery
+ - timeline-generation
+ - ai-categorization
+ - report-generation
+ - court-admissible
+ - image-analysis
- - name: "FTK Imager"
- description: "Forensisches Imaging- und Vorschau-Tool für Erstellung forensischer Kopien und erste Datenanalyse"
+ - name: Cellebrite UFED
+ description: >-
+ Führende Mobile-Forensik-Lösung für Extraktion und Analyse von
+ Smartphones und Tablets. Primär für Datensammlung und Auswertung
+ mobiler Geräte konzipiert.
domains:
- - "storage-file-system"
+ - law-enforcement
+ - mobile-forensics
+ - incident-response
phases:
- - "data-collection"
- - "Auswertung"
- platforms: ["Windows"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://exterro.com/ftk-imager"
- projectUrl: ""
- license: "Proprietary"
- tags: ["imaging", "preview", "acquisition", "freeware"]
+ - data-collection
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Hardware
+ skillLevel: intermediate
+ accessType: commercial
+ url: https://cellebrite.com/en/ufed/
+ projectUrl: ''
+ license: Proprietary
+ tags:
+ - mobile-extraction
+ - physical-extraction
+ - logical-extraction
+ - password-bypass
+ - app-analysis
+ - deleted-data-recovery
+ - report-generation
+ - court-admissible
- - name: "GRR Rapid Response"
- description: "Remote-Live-Forensik-Plattform von Google für skalierbare Incident-Response auf Unternehmensnetzwerken"
+ # Malware Analysis Tools
+ - name: Cuckoo Sandbox 3
+ description: >-
+ Automatisiertes Malware-Analysesystem der neuesten Generation.
+ Hauptsächlich für die Analysephase mit dynamischer Verhaltensanalyse
+ in isolierten Umgebungen.
domains:
- - "platform-infrastructure"
- - "storage-file-system"
+ - malware-analysis
+ - incident-response
phases:
- - "data-collection"
- - "Auswertung"
- platforms: ["Linux", "Windows"]
- skillLevel: "advanced"
- accessType: "self-hosted"
- url: "https://github.com/google/grr"
- projectUrl: ""
- license: "Apache 2.0"
- tags: ["live-forensics", "remote", "scalable", "enterprise"]
- statusUrl: ""
+ - analysis
+ platforms:
+ - Linux
+ skillLevel: advanced
+ accessType: self-hosted
+ url: https://github.com/cert-ee/cuckoo3
+ projectUrl: ''
+ license: GPL-3.0
+ tags:
+ - dynamic-analysis
+ - behavior-monitoring
+ - sandbox-analysis
+ - api-monitoring
+ - network-monitoring
+ - yara-integration
+ - automated-analysis
+ - json-export
+ - malware-detection
+ statusUrl: ''
- - name: "Plaso (log2timeline)"
- description: "Tool zur automatischen Erstellung von Super-Timelines aus verschiedenen Log-Dateien und Artefakten"
+ - name: Ghidra
+ description: >-
+ NSA-entwickeltes Reverse-Engineering-Framework für statische
+ Malware-Analyse. Primär für tiefgehende Code-Analyse in der
+ Analysephase.
domains:
- - "storage-file-system"
- - "application-code"
+ - malware-analysis
+ - ics-forensics
phases:
- - "Analyse"
- platforms: ["Linux", "Windows", "macOS"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://plaso.readthedocs.io/"
- projectUrl: ""
- license: "Apache 2.0"
- tags: ["timeline", "log-parsing", "correlation", "automation"]
+ - analysis
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: expert
+ accessType: download
+ url: https://ghidra-sre.org/
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - reverse-engineering
+ - disassembly
+ - decompilation
+ - scripting-support
+ - multi-architecture
+ - collaborative-re
+ - plugin-architecture
+ - binary-analysis
- - name: "NetworkMiner"
- description: "Netzwerk-Forensik-Analyse-Tool für Paket-Sniffing und Extraktion von Dateien, Bildern und Anmeldedaten"
+ # Data Processing & Analysis
+ - name: Plaso (log2timeline)
+ description: >-
+ Tool zur automatischen Erstellung von Super-Timelines. Hauptsächlich
+ für Datensammlung und Auswertung, bereitet Zeitstempel-Daten für
+ die Analyse vor.
domains:
- - "network-communication"
+ - incident-response
+ - law-enforcement
+ - fraud-investigation
phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows", "Linux (Mono)"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://www.netresec.com/?page=NetworkMiner"
- projectUrl: ""
- license: "Freeware/Commercial"
- tags: ["pcap", "passive", "extraction", "credentials"]
+ - data-collection
+ - examination
+ platforms:
+ - Linux
+ - Windows
+ - macOS
+ skillLevel: intermediate
+ accessType: download
+ url: https://plaso.readthedocs.io/
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - timeline-generation
+ - log-parsing
+ - artifact-parsing
+ - multi-format-support
+ - elasticsearch-output
+ - timesketch-integration
+ - automation
+ - batch-processing
- - name: "Redline"
- description: "Memory- und Host-Analyse-Tool von FireEye/Mandiant für IOC-Scanning und Endpoint-Forensik"
+ - name: CyberChef
+ description: >-
+ Web-basiertes Tool für Datenmanipulation und -analyse. Vielseitig
+ einsetzbar in Auswertung und Analyse für Dekodierung, Verschlüsselung
+ und Datenextraktion.
domains:
- - "memory-runtime"
- - "application-code"
+ - incident-response
+ - malware-analysis
+ - network-forensics
+ - fraud-investigation
phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://www.mandiant.com/resources/download/redline"
- projectUrl: ""
- license: "Proprietary"
- tags: ["memory", "ioc", "endpoint", "freeware"]
+ - examination
+ - analysis
+ platforms:
+ - Web
+ skillLevel: beginner
+ accessType: web-based
+ url: https://gchq.github.io/CyberChef/
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - data-transformation
+ - encoding-decoding
+ - encryption-tools
+ - regex-extraction
+ - file-analysis
+ - magic-detection
+ - recipe-automation
+ - offline-capable
- - name: "KAPE"
- description: "Triage-Tool für schnelle Sammlung und Parsing forensischer Artefakte mit modularem Ansatz"
+ # Remote Forensics & Endpoint Detection
+ - name: Velociraptor
+ description: >-
+ Endpoint-Visibility- und DFIR-Tool für Hunting und Remote-Forensik.
+ Exzellent für Datensammlung in großen Netzwerken, unterstützt
+ alle Phasen durch VQL-Abfragen.
domains:
- - "storage-file-system"
- - "platform-infrastructure"
+ - incident-response
+ - malware-analysis
+ - law-enforcement
phases:
- - "data-collection"
- - "Analyse"
- platforms: ["Windows"]
- skillLevel: "intermediate"
- accessType: "download"
- url: "https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape"
- projectUrl: ""
- license: "Freeware"
- tags: ["triage", "artifacts", "modular", "fast"]
+ - data-collection
+ - examination
+ - analysis
+ - reporting
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: advanced
+ accessType: self-hosted
+ url: https://www.velociraptor.app/
+ projectUrl: https://raptor.cc24.dev
+ license: Apache 2.0
+ tags:
+ - remote-collection
+ - live-forensics
+ - hunt-queries
+ - vql-language
+ - artifact-collection
+ - event-monitoring
+ - scalable-deployment
+ - api-available
+ - reporting-notebooks
+ statusUrl: https://status.mikoshi.de/api/badge/33/status
- - name: "Velociraptor"
- description: "Endpoint-Visibility- und DFIR-Tool für Hunting, Monitoring und Remote-Forensik mit VQL-Abfragesprache"
+ - name: GRR Rapid Response
+ description: >-
+ Remote-Live-Forensik von Google für skalierbare Incident-Response.
+ Fokus auf Datensammlung in Unternehmensnetzwerken mit
+ Hunt-Funktionalität.
domains:
- - "platform-infrastructure"
- - "storage-file-system"
+ - incident-response
+ - law-enforcement
phases:
- - "data-collection"
- - "Auswertung"
- platforms: ["Windows", "Linux", "macOS"]
- skillLevel: "advanced"
- accessType: "self-hosted"
- url: "https://www.velociraptor.app/"
- projectUrl: "https://raptor.cc24.dev"
- license: "Apache 2.0"
- tags: ["hunting", "endpoint", "monitoring", "vql"]
- statusUrl: "https://status.mikoshi.de/api/badge/33/status"
+ - data-collection
+ - examination
+ platforms:
+ - Linux
+ - Windows
+ - macOS
+ skillLevel: advanced
+ accessType: self-hosted
+ url: https://github.com/google/grr
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - remote-forensics
+ - scalable-collection
+ - hunt-capability
+ - flow-automation
+ - artifact-collection
+ - memory-acquisition
+ - api-available
+ - enterprise-ready
+ statusUrl: ''
- - name: "Arkime"
- description: "Skalierbare Full-Packet-Capture- und Analyseplattform für große Netzwerkumgebungen"
+ # Network Packet Analysis
+ - name: Arkime (formerly Moloch)
+ description: >-
+ Skalierbare Full-Packet-Capture-Plattform für große Netzwerke.
+ Primär für Datensammlung und Auswertung von Netzwerkverkehr
+ über längere Zeiträume.
domains:
- - "network-communication"
+ - network-forensics
+ - incident-response
phases:
- - "data-collection"
- - "Analyse"
- platforms: ["Linux"]
- skillLevel: "advanced"
- accessType: "self-hosted"
- url: "https://arkime.com/"
- projectUrl: ""
- license: "Apache 2.0"
- tags: ["pcap", "scalable", "indexing", "search"]
- statusUrl: ""
+ - data-collection
+ - examination
+ - analysis
+ platforms:
+ - Linux
+ skillLevel: expert
+ accessType: self-hosted
+ url: https://arkime.com/
+ projectUrl: ''
+ license: Apache 2.0
+ tags:
+ - full-packet-capture
+ - pcap-indexing
+ - session-analysis
+ - elasticsearch-backend
+ - api-available
+ - scalable-storage
+ - query-language
+ - visualization
+ statusUrl: ''
- - name: "X-Ways Forensics"
- description: "Fortgeschrittene Arbeitsumgebung für Computer-Forensik-Prüfer mit effizienter Dateiwiederherstellung"
+ - name: NetworkMiner
+ description: >-
+ Netzwerk-Forensik-Tool für Paket-Analyse und Datei-Extraktion.
+ Spezialisiert auf Auswertung von PCAP-Dateien und Extraktion
+ übertragener Inhalte.
domains:
- - "storage-file-system"
+ - network-forensics
+ - incident-response
phases:
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Windows"]
- skillLevel: "advanced"
- accessType: "commercial"
- url: "https://www.x-ways.net/forensics/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["disk", "recovery", "commercial", "efficient"]
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Linux (Mono)
+ skillLevel: beginner
+ accessType: download
+ url: https://www.netresec.com/?page=NetworkMiner
+ projectUrl: ''
+ license: GPL-2.0 / Commercial
+ tags:
+ - pcap-analysis
+ - file-extraction
+ - credential-extraction
+ - os-fingerprinting
+ - session-reconstruction
+ - image-extraction
+ - certificate-extraction
+ - passive-analysis
- # Multimedia Forensics Tools
- - name: "Amped FIVE"
- description: "Umfassende forensische Bild- und Videoanalyse-Software mit über 140 wissenschaftlich validierten Filtern für Verbesserung und Authentifizierung"
+ # Triage & Collection Tools
+ - name: KAPE
+ description: >-
+ Kroll Artifact Parser and Extractor für schnelle Triage.
+ Hauptsächlich für automatisierte Datensammlung mit modularem
+ Ansatz und Target/Module-System.
domains:
- - "multimedia-content"
+ - incident-response
+ - law-enforcement
phases:
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Windows"]
- skillLevel: "intermediate"
- accessType: "commercial"
- url: "https://ampedsoftware.com/five"
- projectUrl: ""
- license: "Proprietary"
- tags: ["video", "image", "enhancement", "court-accepted"]
+ - data-collection
+ - examination
+ platforms:
+ - Windows
+ skillLevel: intermediate
+ accessType: download
+ url: >-
+ https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape
+ projectUrl: ''
+ license: Freeware
+ tags:
+ - triage-collection
+ - artifact-parsing
+ - modular-framework
+ - target-system
+ - batch-processing
+ - portable-tool
+ - automated-collection
+ - windows-artifacts
- - name: "Cognitech TriSuite64"
- description: "Forensische Video-Analyse-Suite mit patentierten 3D-Photogrammetrie-Funktionen für Tatortmessungen und Fahrzeugidentifikation"
+ # Metadata & File Analysis
+ - name: ExifTool
+ description: >-
+ Universelles Metadaten-Tool für über 200 Dateiformate. Unverzichtbar
+ für Auswertung von Bild- und Dokumentmetadaten in allen
+ forensischen Szenarien.
domains:
- - "multimedia-content"
+ - law-enforcement
+ - incident-response
+ - fraud-investigation
phases:
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Windows"]
- skillLevel: "advanced"
- accessType: "commercial"
- url: "https://cognitech.com/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["video", "3d-Analyse", "photogrammetry", "measurement"]
+ - examination
+ - analysis
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: novice
+ accessType: download
+ url: https://exiftool.org/
+ projectUrl: ''
+ license: Perl Artistic License
+ tags:
+ - metadata-extraction
+ - exif-analysis
+ - gps-extraction
+ - batch-processing
+ - command-line
+ - scripting-support
+ - multi-format
+ - portable-tool
- - name: "ExifTool"
- description: "Plattformunabhängiges Tool zum Lesen, Schreiben und Bearbeiten von Metadaten in über 200 Dateiformaten"
+ # Financial & Fraud Investigation
+ - name: Chainalysis
+ description: >-
+ Führende Blockchain-Intelligence-Plattform für Kryptowährungs-
+ Ermittlungen. Primär für Analyse von Geldflüssen und
+ Wallet-Verbindungen.
domains:
- - "multimedia-content"
- - "storage-file-system"
+ - fraud-investigation
+ - law-enforcement
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows", "Linux", "macOS"]
- skillLevel: "beginner"
- accessType: "download"
- url: "https://exiftool.org/"
- projectUrl: ""
- license: "Perl Artistic License"
- tags: ["metadata", "exif", "batch-processing", "opensource"]
+ - analysis
+ - reporting
+ platforms:
+ - Web
+ skillLevel: advanced
+ accessType: commercial
+ url: https://www.chainalysis.com/
+ projectUrl: ''
+ license: Proprietary
+ tags:
+ - blockchain-analysis
+ - crypto-tracing
+ - wallet-clustering
+ - risk-scoring
+ - compliance-tools
+ - transaction-monitoring
+ - visualization
+ - api-available
- - name: "Amped Authenticate"
- description: "Forensische Bildauthentifizierungs-Software zur Erkennung von Manipulationen und Kamera-Ballistik"
+ # Visualization & Analysis
+ - name: Neo4j
+ description: >-
+ Graph-Datenbank für Visualisierung komplexer Beziehungen.
+ Besonders wertvoll in der Analysephase für Netzwerk- und
+ Verbindungsanalysen.
domains:
- - "multimedia-content"
+ - fraud-investigation
+ - law-enforcement
+ - incident-response
phases:
- - "Auswertung"
- - "Analyse"
- platforms: ["Windows"]
- skillLevel: "advanced"
- accessType: "commercial"
- url: "https://ampedsoftware.com/authenticate"
- projectUrl: ""
- license: "Proprietary"
- tags: ["image", "authentication", "tampering", "camera-matching"]
+ - analysis
+ - reporting
+ platforms:
+ - Web
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: intermediate
+ accessType: self-hosted
+ url: https://neo4j.com/
+ projectUrl: https://graph.cc24.dev
+ license: GPL-3.0 / Commercial
+ tags:
+ - graph-database
+ - relationship-analysis
+ - data-visualization
+ - cypher-query
+ - pattern-detection
+ - api-available
+ - import-tools
+ - scalable-analysis
+ statusUrl: https://status.mikoshi.de/api/badge/32/status
- # Financial Forensics Tools
- - name: "ACL Analytics (IDEA)"
- description: "Leistungsstarke Datenanalyse-Software für Audit und Compliance mit über 100 vordefinierten Prüfroutinen"
+ - name: QGIS
+ description: >-
+ Open-Source Geoinformationssystem für räumliche Datenanalyse.
+ Wertvoll für Berichterstattung bei Fällen mit GPS-Daten aus
+ Smartphones oder Fahrzeugen.
domains:
- - "transaction-financial"
- - "storage-file-system"
+ - law-enforcement
+ - mobile-forensics
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Windows"]
- skillLevel: "intermediate"
- accessType: "commercial"
- url: "https://www.caseware.com/us/products/idea/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["audit", "compliance", "data-Analyse", "automation"]
+ - analysis
+ - reporting
+ platforms:
+ - Windows
+ - Linux
+ - macOS
+ skillLevel: intermediate
+ accessType: download
+ url: https://qgis.org/
+ projectUrl: ''
+ license: GPL-2.0
+ tags:
+ - geospatial-analysis
+ - gps-visualization
+ - map-generation
+ - coordinate-analysis
+ - timeline-mapping
+ - export-formats
+ - plugin-ecosystem
+ - python-scripting
- - name: "Chainalysis"
- description: "Blockchain-Intelligence-Plattform für Kryptowährungs-Ermittlungen und Geldflussanalyse über verschiedene Chains"
+ # Collaboration & Documentation
+ - name: Nextcloud
+ description: >-
+ Self-Hosted-Plattform für sicheren Dateiaustausch. Ideal für
+ kollaborative Phasen und sichere Speicherung von Beweismitteln
+ mit Versionierung.
domains:
- - "transaction-financial"
- - "network-communication"
+ - incident-response
+ - law-enforcement
+ - fraud-investigation
phases:
- - "data-collection"
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "advanced"
- accessType: "commercial"
- url: "https://www.chainalysis.com/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["blockchain", "cryptocurrency", "money-flow", "compliance"]
+ - collaboration
+ - reporting
+ platforms:
+ - Web
+ skillLevel: novice
+ accessType: self-hosted
+ url: https://nextcloud.com/
+ projectUrl: https://cloud.cc24.dev
+ license: AGPL-3.0
+ tags:
+ - file-sharing
+ - collaboration
+ - encryption
+ - version-control
+ - access-control
+ - audit-logging
+ - mobile-sync
+ - api-available
+ statusUrl: https://status.mikoshi.de/api/badge/11/status
- - name: "FraudFindr"
- description: "Forensische Buchhaltungssoftware für automatisierte Analyse von Finanztransaktionen und Betrugserkennung"
+ - name: Gitea
+ description: >-
+ Leichtgewichtiger Git-Service für Versionskontrolle. Nützlich
+ für Dokumentation von Skripten, Playbooks und forensischen
+ Prozeduren.
domains:
- - "transaction-financial"
+ - incident-response
+ - malware-analysis
phases:
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "commercial"
- url: "https://fraudfindr.com/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["fraud-detection", "transaction", "Bericht & Präsentation", "automation"]
+ - collaboration
+ - reporting
+ platforms:
+ - Web
+ skillLevel: beginner
+ accessType: self-hosted
+ url: https://gitea.io/
+ projectUrl: https://git.cc24.dev
+ license: MIT
+ tags:
+ - version-control
+ - code-repository
+ - documentation
+ - collaboration
+ - issue-tracking
+ - markdown-support
+ - api-available
+ - lightweight
+ statusUrl: https://status.mikoshi.de/api/badge/18/status
- - name: "Valid8 Financial"
- description: "Verifizierte Financial-Intelligence-Plattform für Transaktions-Tracing und forensische Buchhaltungsanalyse"
+ # Additional Tools
+ - name: Binwalk
+ description: >-
+ Firmware-Analyse-Tool für eingebettete Dateisysteme. Spezialisiert
+ auf Extraktion und Analyse von Firmware-Images in IoT- und
+ ICS-Forensik.
domains:
- - "transaction-financial"
+ - ics-forensics
+ - malware-analysis
+ - mobile-forensics
phases:
- - "Auswertung"
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "commercial"
- url: "https://www.valid8financial.com/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["transaction", "verification", "visualization", "tracing"]
+ - examination
+ - analysis
+ platforms:
+ - Linux
+ - macOS
+ skillLevel: advanced
+ accessType: download
+ url: https://github.com/ReFirmLabs/binwalk
+ projectUrl: ''
+ license: MIT
+ tags:
+ - firmware-analysis
+ - file-carving
+ - entropy-analysis
+ - signature-scanning
+ - extraction-tool
+ - iot-forensics
+ - embedded-systems
+ - python-api
- - name: "DocuClipper"
- description: "KI-gestütztes OCR-Tool zur Extraktion und Analyse von Bankdaten aus PDF- und gescannten Dokumenten"
- domains:
- - "transaction-financial"
- - "storage-file-system"
- phases:
- - "data-collection"
- - "Analyse"
- platforms: ["Web"]
- skillLevel: "beginner"
- accessType: "commercial"
- url: "https://www.docuclipper.com/"
- projectUrl: ""
- license: "Proprietary"
- tags: ["ocr", "bank-statements", "extraction", "ai"]
-
- # Visualization and Analyse Tools
- - name: "Neo4j"
- description: "Graph-Datenbank für Visualisierung komplexer Beziehungen und Netzwerkanalyse in forensischen Untersuchungen"
- domains:
- - "network-communication"
- - "application-code"
- - "transaction-financial"
- phases:
- - "Analyse"
- - "Bericht & Präsentation"
- platforms: ["Web", "Windows", "Linux", "macOS"]
- skillLevel: "intermediate"
- accessType: "self-hosted"
- url: "https://neo4j.com/"
- projectUrl: "https://graph.cc24.dev"
- license: "GPL-3.0 / Commercial"
- tags: ["graph", "visualization", "relationships", "queries"]
- statusUrl: "https://status.mikoshi.de/api/badge/32/status"
-
- # Collaboration Tools - Domain-agnostic
- - name: "Nextcloud"
- description: "Self-Hosted-Plattform für sicheren Dateiaustausch und Zusammenarbeit mit End-to-End-Verschlüsselung"
- domains: [] # Domain-agnostic
- phases:
- - "collaboration"
- platforms: ["Web"]
- skillLevel: "beginner"
- accessType: "self-hosted"
- url: "https://nextcloud.com/de/"
- projectUrl: "https://cloud.cc24.dev"
- license: "AGPL-3.0"
- tags: ["file-sharing", "collaboration", "encryption", "privacy"]
- statusUrl: "https://status.mikoshi.de/api/badge/11/status"
-
- - name: "Gitea"
- description: "Leichtgewichtiger Self-Hosted Git-Service für Code-Kollaboration, Versionskontrolle und Dokumentation"
- domains: [] # Domain-agnostic
- phases:
- - "collaboration"
- platforms: ["Web"]
- skillLevel: "intermediate"
- accessType: "self-hosted"
- url: "https://gitea.org.lab"
- projectUrl: "https://git.cc24.dev"
- license: "MIT"
- tags: ["version-control", "git", "documentation", "lightweight"]
- statusUrl: "https://status.mikoshi.de/api/badge/18/status"
-
-# Domain definitions for reference
domains:
- - id: "storage-file-system"
- name: "Storage & File System Artifacts"
- - id: "memory-runtime"
- name: "Memory & Runtime Artifacts"
- - id: "network-communication"
- name: "Network & Communication Artifacts"
- - id: "application-code"
- name: "Application & Code Artifacts"
- - id: "multimedia-content"
- name: "Multimedia & Content Artifacts"
- - id: "transaction-financial"
- name: "Transaction & Financial Artifacts"
- - id: "platform-infrastructure"
- name: "Platform & Infrastructure Artifacts"
+ - id: incident-response
+ name: Incident Response & Breach-Untersuchung
+ - id: law-enforcement
+ name: Strafverfolgung & Kriminalermittlung
+ - id: malware-analysis
+ name: Malware-Analyse & Reverse Engineering
+ - id: fraud-investigation
+ name: Betrugs- & Finanzkriminalität
+ - id: network-forensics
+ name: Netzwerk-Forensik & Traffic-Analyse
+ - id: mobile-forensics
+ name: Mobile Geräte & App-Forensik
+ - id: cloud-forensics
+ name: Cloud & Virtuelle Umgebungen
+ - id: ics-forensics
+ name: Industrielle Kontrollsysteme (ICS/SCADA)
-# Phase definitions for reference
phases:
- - id: "data-collection"
- name: "Datensammlung"
- - id: "Auswertung"
- name: "Auswertung"
- - id: "Analyse"
- name: "Analyse"
- - id: "Bericht & Präsentation"
- name: "Bericht & Präsentation"
- - id: "collaboration"
- name: "Übergreifend & Kollaboration"
\ No newline at end of file
+ - id: data-collection
+ name: Datensammlung
+ - id: examination
+ name: Auswertung
+ - id: analysis
+ name: Analyse
+ - id: reporting
+ name: Bericht & Präsentation
+ - id: collaboration
+ name: Übergreifend & Kollaboration
\ No newline at end of file
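Review bot: The new file removes the header block (`# DFIR Tools Database`, the note that tools may appear in several domains/phases, and the line explaining `statusUrl`) and replaces it only with per-section comments, so the schema of each entry and the meaning of `statusUrl`/`projectUrl` are no longer documented anywhere in the file; a two-line header such as `# DFIR tools database; each entry lists domain and phase ids defined at the bottom of this file` and `# statusUrl is only set for self-hosted instances that are monitored` would restore that. The `skillLevel` values on the new side mix `novice` (ExifTool, Nextcloud) with `beginner` (CyberChef, NetworkMiner, Gitea) alongside `intermediate`, `advanced` and `expert`; unless a five-step scale is intended, one of the two lowest labels looks like a leftover, and since `ToolMatrix.astro` prints the value verbatim the inconsistency reaches the UI. The `statusUrl` for TheHive 5 and Timesketch points at `uptime.example.lab` while every other monitored entry uses `status.mikoshi.de`, which reads like a placeholder host that was never replaced — worth confirming before those badges fail to load. The file still ends without a trailing newline, which some YAML tooling and diff viewers flag.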
diff --git a/src/pages/index.astro b/src/pages/index.astro
index 1f57985..d0c2548 100644
--- a/src/pages/index.astro
+++ b/src/pages/index.astro
@@ -148,13 +148,15 @@ function createToolCard(tool) {
const cardDiv = document.createElement('div');
const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'Proprietary' ? 'card card-oss' : 'card');
cardDiv.className = cardClass;
+ cardDiv.style.cursor = 'pointer';
+ cardDiv.onclick = () => (window as any).showToolDetails(tool.name);
// Create button HTML based on hosting status
let buttonHTML;
if (hasValidProjectUrl) {
// Two buttons for tools we're hosting
buttonHTML = `
-