content overhaul

This commit is contained in:
overcuriousity
2025-07-28 10:46:17 +02:00
parent b1834aace1
commit 81bbafeef1
5 changed files with 2354 additions and 232 deletions


@@ -1,177 +1,83 @@
tools:
- name: Rapid Incident Response Triage on macOS
icon: 📋
type: method
description: >-
Spezialisierte Methodik für die schnelle Incident Response auf
macOS-Systemen mit Fokus auf die Sammlung kritischer forensischer
Artefakte in unter einer Stunde. Adressiert die Lücke zwischen
Windows-zentrierten IR-Prozessen und macOS-spezifischen
Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente
Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für
Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften.
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- data-collection
- examination
platforms: []
related_concepts: null
related_software:
- Aftermath
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: >-
https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/
projectUrl: null
license: null
knowledgebase: null
tags:
- macos
- rapid-response
- triage
- incident-response
- aftermath
- enterprise
- methodology
- apple
- name: Aftermath
icon: 📦
- name: Autopsy
type: software
description: >-
Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte
auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen,
Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne
Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in
Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und
erstellt durchsuchbare Ausgabeformate für effiziente Analyse.
Die führende Open-Source-Alternative zu kommerziellen Forensik-Suiten mit
intuitiver grafischer Oberfläche. Besonders stark in der Timeline-Analyse,
Keyword-Suche und dem Carving gelöschter Dateien. Die modulare
Plugin-Architektur erlaubt Erweiterungen für spezielle
Untersuchungsszenarien. Zwar komplexer als kommerzielle Lösungen, aber
dafür vollständig transparent und kostenfrei.
skillLevel: intermediate
url: https://www.autopsy.com/
icon: 📦
domains:
- incident-response
- static-investigations
- malware-analysis
- mobile-forensics
- cloud-forensics
phases:
- data-collection
- examination
platforms:
- macOS
- analysis
tags:
- gui
- filesystem
- timeline-analysis
- carving
- artifact-extraction
- keyword-search
- scenario:file_recovery
- scenario:browser_history
related_concepts:
- SQL Query Fundamentals
- Hash Functions & Digital Signatures
related_software: null
domain-agnostic-software: null
skillLevel: intermediate
platforms:
- Windows
- Linux
accessType: download
url: https://github.com/jamf/aftermath/
projectUrl: ''
license: Apache 2.0
knowledgebase: false
tags:
- macos
- incident-response
- triage
- artifact-collection
- rapid-response
- jamf
- enterprise
- commandline
- name: Regular Expressions (Regex)
icon: 🔤
type: concept
- name: Volatility 3
type: software
description: >-
Pattern matching language for searching, extracting, and manipulating
text. Essential for log analysis, malware signature creation, and data
extraction from unstructured sources. Forms the backbone of many forensic
tools and custom scripts.
domains:
- incident-response
- malware-analysis
- network-forensics
- fraud-investigation
phases:
- examination
- analysis
platforms: []
related_concepts: null
related_software: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: https://regexr.com/
projectUrl: null
license: null
knowledgebase: true
tags:
- pattern-matching
- text-processing
- log-analysis
- string-manipulation
- search-algorithms
- name: SQL Query Fundamentals
icon: 🗃️
type: concept
description: >-
Structured Query Language for database interrogation and analysis.
Critical for examining application databases, SQLite artifacts from
mobile devices, and browser history databases. Enables complex
correlation and filtering of large datasets.
domains:
- incident-response
- mobile-forensics
- fraud-investigation
- cloud-forensics
phases:
- examination
- analysis
platforms: []
related_concepts: null
related_software: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: https://www.w3schools.com/sql/
projectUrl: null
license: null
knowledgebase: false
tags:
- database-analysis
- query-language
- data-correlation
- mobile-artifacts
- browser-forensics
- name: Hash Functions & Digital Signatures
icon: 🔐
type: concept
description: >-
Cryptographic principles for data integrity verification and
authentication. Fundamental for evidence preservation, malware
identification, and establishing chain of custody. Understanding of MD5,
SHA, and digital signature validation.
Das Universalwerkzeug der Live-Forensik, unverzichtbar für die Analyse von
RAM-Dumps. Mit über 100 Plugins extrahiert es Prozesse,
Netzwerkverbindungen, Registry-Keys und versteckte Malware aus dem
Arbeitsspeicher. Die Python-basierte Architektur macht es flexibel
erweiterbar, erfordert aber solide Kommandozeilen-Kenntnisse. Version 3
bringt deutliche Performance-Verbesserungen und bessere
Formatunterstützung.
skillLevel: advanced
url: https://www.volatilityfoundation.org/
icon: 📦
domains:
- incident-response
- static-investigations
- malware-analysis
- cloud-forensics
- network-forensics
phases:
- data-collection
- examination
platforms: []
related_concepts: null
related_software: null
domain-agnostic-software: null
skillLevel: advanced
accessType: null
url: https://en.wikipedia.org/wiki/Cryptographic_hash_function
projectUrl: null
license: null
knowledgebase: false
- analysis
scenarios:
- scenario:memory_dump
tags:
- cryptography
- data-integrity
- evidence-preservation
- malware-identification
- chain-of-custody
- commandline
- memory
- malware-analysis
- artifact-extraction
- scripting
- process-analysis
related_concepts:
- Hash Functions & Digital Signatures
- Regular Expressions (Regex)
platforms:
- Windows
- Linux
- macOS
accessType: download
license: VSL
knowledgebase: false
domains:
- id: incident-response
name: Incident Response & Breach-Untersuchung
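Review bot: The Autopsy entry's `platforms` list carries `analysis` next to `macOS` (the lines `platforms:` / `- macOS` / `- analysis`), which reads like a phase identifier misfiled into the platform list; move `analysis` under `phases` or drop it. Scenario references are also attached inconsistently within this hunk: the Autopsy entry encodes them as tags (`- scenario:file_recovery`, `- scenario:browser_history`) while the Volatility 3 entry uses a dedicated `scenarios:` key (`- scenario:memory_dump`). Pick one key so the frontend does not have to scan both. Finally, both entries reference concepts by name in `related_concepts` (`SQL Query Fundamentals`, `Hash Functions & Digital Signatures`, `Regular Expressions (Regex)`); since the hunk shrinks the file from 177 to 83 lines and the rendered view has lost its add/remove markers, please confirm those concept entries survive on the new side, otherwise the references dangle.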
@@ -212,9 +118,27 @@ domain-agnostic-software:
name: Betriebssysteme
description: Operating Systems which focus on forensics
scenarios:
- id: registry
icon: 🗃️
friendly_name: "Registry-Analyse"
- id: memory-forensics
- id: scenario:disk_imaging
icon: 💽
friendly_name: Datenträgerabbild
- id: scenario:memory_dump
icon: 🧠
friendly_name: "Memory-Forensik"
friendly_name: RAM-Analyse
- id: scenario:file_recovery
icon: 🗑️
friendly_name: Datenrettung
- id: scenario:browser_history
icon: 🌍
friendly_name: Browser-Spuren
- id: scenario:credential_theft
icon: 🛑
friendly_name: Zugangsdiebstahl
- id: scenario:remote_access
icon: 📡
friendly_name: Fernzugriffe
- id: scenario:persistence
icon: ♻️
friendly_name: Persistenzsuche
- id: scenario:windows-registry
icon: 📜
friendly_name: Registry-Analyse
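Review bot: The scenario IDs in this hunk mix naming styles: `scenario:windows-registry` uses a hyphen while every other new ID uses an underscore (`scenario:disk_imaging`, `scenario:memory_dump`, `scenario:file_recovery`, `scenario:browser_history`, `scenario:credential_theft`, `scenario:remote_access`), and the tool entries in the first hunk reference the underscore form (`scenario:memory_dump`). Rename it to `scenario:windows_registry` so lookups stay consistent. Also, `friendly_name: Registry-Analyse` now appears on two entries (`- id: registry` and `- id: scenario:windows-registry`); if the unprefixed `registry` and `memory-forensics` entries are the old definitions being replaced, confirm nothing still references the old IDs, and if both are meant to remain, give them distinct friendly names.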