überarbeitung backend-code

This commit is contained in:
overcuriousity
2025-07-14 17:34:48 +02:00
parent b842df040c
commit 92dcd2ab74
6 changed files with 303 additions and 141 deletions


@@ -4,7 +4,7 @@
tools:
- name: "Autopsy"
description: "Open source digital forensics platform with a graphical interface"
description: "Open-Source digitale Forensik-Plattform mit grafischer Benutzeroberfläche für Festplatten- und Dateisystemanalyse"
domains:
- "storage-file-system"
- "application-code"
@@ -17,11 +17,10 @@ tools:
url: "https://www.autopsy.com/"
projectUrl: ""
license: "Apache 2.0"
tags: ["disk-forensics", "file-recovery", "timeline-analysis"]
isHosted: false
tags: ["disk", "recovery", "timeline", "opensource"]
- name: "Volatility 3"
description: "Advanced memory forensics framework for incident response and malware analysis"
description: "Fortgeschrittenes Memory-Forensik-Framework für Incident Response und Malware-Analyse mit Plugin-Architektur"
domains:
- "memory-runtime"
phases:
@@ -33,11 +32,10 @@ tools:
url: "https://www.volatilityfoundation.org/"
projectUrl: ""
license: "VSL"
tags: ["memory-forensics", "malware-analysis", "incident-response"]
isHosted: false
tags: ["memory", "malware", "runtime", "plugins"]
- name: "TheHive"
description: "Security incident response platform for SOCs, CERTs and security teams"
description: "Kollaborative Security-Incident-Response-Plattform für SOCs, CERTs und Sicherheitsteams mit Case-Management"
domains:
- "storage-file-system"
- "network-communication"
@@ -53,12 +51,11 @@ tools:
url: "https://strangebee.com/"
projectUrl: ""
license: "AGPL-3.0"
tags: ["incident-response", "case-management", "collaboration"]
isHosted: true
tags: ["incident-response", "case-management", "collaboration", "workflow"]
statusUrl: "https://uptime.example.lab/api/badge/1/status"
- name: "MISP"
description: "Malware Information Sharing Platform for threat intelligence"
description: "Threat-Intelligence-Plattform für strukturierten Austausch von Indicators of Compromise (IoCs) und Bedrohungsinformationen"
domains:
- "network-communication"
- "application-code"
@@ -72,12 +69,11 @@ tools:
url: "https://misp-project.org/"
projectUrl: "https://misp.cc24.dev"
license: "AGPL-3.0"
tags: ["threat-intelligence", "ioc-sharing", "collaboration"]
isHosted: true
tags: ["threat-intelligence", "ioc", "sharing", "automation"]
statusUrl: "https://uptime.example.lab/api/badge/2/status"
- name: "Timesketch"
description: "Collaborative forensic timeline analysis platform"
description: "Kollaborative forensische Timeline-Analyse-Plattform für chronologische Ereigniskorrelation und -visualisierung"
domains:
- "storage-file-system"
- "network-communication"
@@ -90,12 +86,11 @@ tools:
url: "https://timesketch.org/"
projectUrl: "https://timesketch.cc24.dev"
license: "Apache 2.0"
tags: ["timeline-analysis", "collaboration", "visualization"]
isHosted: true
tags: ["timeline", "visualization", "collaboration", "correlation"]
statusUrl: "https://uptime.example.lab/api/badge/3/status"
- name: "Wireshark"
description: "Network protocol analyzer for network troubleshooting and analysis"
description: "Netzwerk-Protokoll-Analyzer für Paketaufzeichnung und -analyse mit umfangreichen Dekodierungsfähigkeiten"
domains:
- "network-communication"
phases:
@@ -108,11 +103,10 @@ tools:
url: "https://www.wireshark.org/"
projectUrl: ""
license: "GPL-2.0"
tags: ["network-analysis", "pcap", "protocol-analysis"]
isHosted: false
tags: ["network", "pcap", "protocol", "realtime"]
- name: "EnCase"
description: "Commercial digital investigation platform"
description: "Kommerzielle digitale Ermittlungsplattform mit gerichtlich anerkannten Forensik-Funktionen und umfassender Berichterstattung"
domains:
- "storage-file-system"
- "memory-runtime"
@@ -127,11 +121,10 @@ tools:
url: "https://www.opentext.com/products/encase-forensic"
projectUrl: ""
license: "Proprietary"
tags: ["commercial", "enterprise", "court-approved"]
isHosted: false
tags: ["commercial", "enterprise", "court-approved", "comprehensive"]
- name: "Cuckoo Sandbox"
description: "Automated malware analysis system using virtualization"
description: "Automatisiertes Malware-Analysesystem mit virtualisierter Umgebung für dynamische Verhaltensanalyse"
domains:
- "application-code"
- "network-communication"
@@ -144,12 +137,11 @@ tools:
url: "https://cuckoosandbox.org/"
projectUrl: ""
license: "GPL-3.0"
tags: ["malware-analysis", "sandbox", "dynamic-analysis"]
isHosted: true
tags: ["malware", "sandbox", "dynamic-analysis", "automation"]
statusUrl: ""
- name: "FTK Imager"
description: "Forensic imaging and preview tool by Exterro"
description: "Forensisches Imaging- und Vorschau-Tool für Erstellung forensischer Kopien und erste Datenanalyse"
domains:
- "storage-file-system"
phases:
@@ -161,11 +153,10 @@ tools:
url: "https://exterro.com/ftk-imager"
projectUrl: ""
license: "Proprietary"
tags: ["disk-imaging", "preview", "data-acquisition"]
isHosted: false
tags: ["imaging", "preview", "acquisition", "freeware"]
- name: "GRR Rapid Response"
description: "Remote live forensics platform by Google"
description: "Remote-Live-Forensik-Plattform von Google für skalierbare Incident-Response auf Unternehmensnetzwerken"
domains:
- "platform-infrastructure"
- "storage-file-system"
@@ -178,12 +169,11 @@ tools:
url: "https://github.com/google/grr"
projectUrl: ""
license: "Apache 2.0"
tags: ["live-forensics", "remote-response", "dfir"]
isHosted: true
tags: ["live-forensics", "remote", "scalable", "enterprise"]
statusUrl: ""
- name: "Plaso (log2timeline)"
description: "Tool for automatic creation of timelines from various log files"
description: "Tool zur automatischen Erstellung von Super-Timelines aus verschiedenen Log-Dateien und Artefakten"
domains:
- "storage-file-system"
- "application-code"
@@ -195,11 +185,10 @@ tools:
url: "https://plaso.readthedocs.io/"
projectUrl: ""
license: "Apache 2.0"
tags: ["timeline-analysis", "log-parsing", "dfir"]
isHosted: false
tags: ["timeline", "log-parsing", "correlation", "automation"]
- name: "NetworkMiner"
description: "Network forensic analysis tool (NFAT)"
description: "Netzwerk-Forensik-Analyse-Tool für Paket-Sniffing und Extraktion von Dateien, Bildern und Anmeldedaten"
domains:
- "network-communication"
phases:
@@ -211,11 +200,10 @@ tools:
url: "https://www.netresec.com/?page=NetworkMiner"
projectUrl: ""
license: "Freeware/Commercial"
tags: ["pcap-analysis", "passive-sniffing", "credential-recovery"]
isHosted: false
tags: ["pcap", "passive", "extraction", "credentials"]
- name: "Redline"
description: "Memory and host analysis tool from FireEye"
description: "Memory- und Host-Analyse-Tool von FireEye/Mandiant für IOC-Scanning und Endpoint-Forensik"
domains:
- "memory-runtime"
- "application-code"
@@ -228,11 +216,10 @@ tools:
url: "https://www.mandiant.com/resources/download/redline"
projectUrl: ""
license: "Proprietary"
tags: ["memory-analysis", "ioc-scan", "host-analysis"]
isHosted: false
tags: ["memory", "ioc", "endpoint", "freeware"]
- name: "KAPE"
description: "Triage tool to collect and parse forensic artifacts quickly"
description: "Triage-Tool für schnelle Sammlung und Parsing forensischer Artefakte mit modularem Ansatz"
domains:
- "storage-file-system"
- "platform-infrastructure"
@@ -245,11 +232,10 @@ tools:
url: "https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape"
projectUrl: ""
license: "Freeware"
tags: ["triage", "artifact-collection", "parsing"]
isHosted: false
tags: ["triage", "artifacts", "modular", "fast"]
- name: "Velociraptor"
description: "Endpoint visibility and DFIR tool by Rapid7"
description: "Endpoint-Visibility- und DFIR-Tool für Hunting, Monitoring und Remote-Forensik mit VQL-Abfragesprache"
domains:
- "platform-infrastructure"
- "storage-file-system"
@@ -260,14 +246,13 @@ tools:
skillLevel: "advanced"
accessType: "self-hosted"
url: "https://www.velociraptor.app/"
projectUrl: ""
projectUrl: "https://velociraptor.cc24.dev"
license: "Apache 2.0"
tags: ["dfir", "hunting", "endpoint-monitoring"]
isHosted: true
statusUrl: ""
tags: ["hunting", "endpoint", "monitoring", "vql"]
statusUrl: "https://uptime.example.lab/api/badge/4/status"
- name: "Arkime"
description: "Large-scale full packet capture and analysis"
description: "Skalierbare Full-Packet-Capture- und Analyseplattform für große Netzwerkumgebungen"
domains:
- "network-communication"
phases:
@@ -279,12 +264,11 @@ tools:
url: "https://arkime.com/"
projectUrl: ""
license: "Apache 2.0"
tags: ["packet-capture", "full-packet-analysis", "network-forensics"]
isHosted: true
tags: ["pcap", "scalable", "indexing", "search"]
statusUrl: ""
- name: "X-Ways Forensics"
description: "Advanced work environment for computer forensic examiners"
description: "Fortgeschrittene Arbeitsumgebung für Computer-Forensik-Prüfer mit effizienter Dateiwiederherstellung"
domains:
- "storage-file-system"
phases:
@@ -297,12 +281,180 @@ tools:
url: "https://www.x-ways.net/forensics/"
projectUrl: ""
license: "Proprietary"
tags: ["disk-forensics", "file-recovery", "commercial"]
isHosted: false
tags: ["disk", "recovery", "commercial", "efficient"]
# Multimedia Forensics Tools
- name: "Amped FIVE"
description: "Umfassende forensische Bild- und Videoanalyse-Software mit über 140 wissenschaftlich validierten Filtern für Verbesserung und Authentifizierung"
domains:
- "multimedia-content"
phases:
- "examination"
- "analysis"
- "reporting"
platforms: ["Windows"]
skillLevel: "intermediate"
accessType: "commercial"
url: "https://ampedsoftware.com/five"
projectUrl: ""
license: "Proprietary"
tags: ["video", "image", "enhancement", "court-accepted"]
- name: "Cognitech TriSuite64"
description: "Forensische Video-Analyse-Suite mit patentierten 3D-Photogrammetrie-Funktionen für Tatortmessungen und Fahrzeugidentifikation"
domains:
- "multimedia-content"
phases:
- "examination"
- "analysis"
- "reporting"
platforms: ["Windows"]
skillLevel: "advanced"
accessType: "commercial"
url: "https://cognitech.com/"
projectUrl: ""
license: "Proprietary"
tags: ["video", "3d-analysis", "photogrammetry", "measurement"]
- name: "ExifTool"
description: "Plattformunabhängiges Tool zum Lesen, Schreiben und Bearbeiten von Metadaten in über 200 Dateiformaten"
domains:
- "multimedia-content"
- "storage-file-system"
phases:
- "data-collection"
- "examination"
- "analysis"
platforms: ["Windows", "Linux", "macOS"]
skillLevel: "beginner"
accessType: "download"
url: "https://exiftool.org/"
projectUrl: ""
license: "Perl Artistic License"
tags: ["metadata", "exif", "batch-processing", "opensource"]
- name: "Amped Authenticate"
description: "Forensische Bildauthentifizierungs-Software zur Erkennung von Manipulationen und Kamera-Ballistik"
domains:
- "multimedia-content"
phases:
- "examination"
- "analysis"
platforms: ["Windows"]
skillLevel: "advanced"
accessType: "commercial"
url: "https://ampedsoftware.com/authenticate"
projectUrl: ""
license: "Proprietary"
tags: ["image", "authentication", "tampering", "camera-matching"]
# Financial Forensics Tools
- name: "ACL Analytics (IDEA)"
description: "Leistungsstarke Datenanalyse-Software für Audit und Compliance mit über 100 vordefinierten Prüfroutinen"
domains:
- "transaction-financial"
- "storage-file-system"
phases:
- "data-collection"
- "examination"
- "analysis"
- "reporting"
platforms: ["Windows"]
skillLevel: "intermediate"
accessType: "commercial"
url: "https://www.caseware.com/us/products/idea/"
projectUrl: ""
license: "Proprietary"
tags: ["audit", "compliance", "data-analysis", "automation"]
- name: "Chainalysis"
description: "Blockchain-Intelligence-Plattform für Kryptowährungs-Ermittlungen und Geldflussanalyse über verschiedene Chains"
domains:
- "transaction-financial"
- "network-communication"
phases:
- "data-collection"
- "examination"
- "analysis"
- "reporting"
platforms: ["Web"]
skillLevel: "advanced"
accessType: "commercial"
url: "https://www.chainalysis.com/"
projectUrl: ""
license: "Proprietary"
tags: ["blockchain", "cryptocurrency", "money-flow", "compliance"]
- name: "FraudFindr"
description: "Forensische Buchhaltungssoftware für automatisierte Analyse von Finanztransaktionen und Betrugserkennung"
domains:
- "transaction-financial"
phases:
- "examination"
- "analysis"
- "reporting"
platforms: ["Web"]
skillLevel: "intermediate"
accessType: "commercial"
url: "https://fraudfindr.com/"
projectUrl: ""
license: "Proprietary"
tags: ["fraud-detection", "transaction", "reporting", "automation"]
- name: "Valid8 Financial"
description: "Verifizierte Financial-Intelligence-Plattform für Transaktions-Tracing und forensische Buchhaltungsanalyse"
domains:
- "transaction-financial"
phases:
- "examination"
- "analysis"
- "reporting"
platforms: ["Web"]
skillLevel: "intermediate"
accessType: "commercial"
url: "https://www.valid8financial.com/"
projectUrl: ""
license: "Proprietary"
tags: ["transaction", "verification", "visualization", "tracing"]
- name: "DocuClipper"
description: "KI-gestütztes OCR-Tool zur Extraktion und Analyse von Bankdaten aus PDF- und gescannten Dokumenten"
domains:
- "transaction-financial"
- "storage-file-system"
phases:
- "data-collection"
- "analysis"
platforms: ["Web"]
skillLevel: "beginner"
accessType: "commercial"
url: "https://www.docuclipper.com/"
projectUrl: ""
license: "Proprietary"
tags: ["ocr", "bank-statements", "extraction", "ai"]
# Visualization and Analysis Tools
- name: "Neo4j"
description: "Graph-Datenbank für Visualisierung komplexer Beziehungen und Netzwerkanalyse in forensischen Untersuchungen"
domains:
- "network-communication"
- "application-code"
- "transaction-financial"
phases:
- "analysis"
- "reporting"
platforms: ["Web", "Windows", "Linux", "macOS"]
skillLevel: "intermediate"
accessType: "self-hosted"
url: "https://neo4j.com/"
projectUrl: "https://neo4j.cc24.dev"
license: "GPL-3.0 / Commercial"
tags: ["graph", "visualization", "relationships", "queries"]
statusUrl: "https://uptime.example.lab/api/badge/5/status"
# Collaboration Tools - Domain-agnostic
- name: "Nextcloud"
description: "Self-hosted file sharing and collaboration platform for secure data exchange"
description: "Self-Hosted-Plattform für sicheren Dateiaustausch und Zusammenarbeit mit End-to-End-Verschlüsselung"
domains: [] # Domain-agnostic
phases:
- "collaboration"
@@ -312,12 +464,11 @@ tools:
url: "https://nextcloud.com/de/"
projectUrl: "https://cloud.cc24.dev"
license: "AGPL-3.0"
tags: ["file-sharing", "collaboration", "document-management", "secure-storage"]
isHosted: true
tags: ["file-sharing", "collaboration", "encryption", "privacy"]
statusUrl: "https://uptime.example.lab/api/badge/10/status"
- name: "Gitea"
description: "Lightweight self-hosted Git service for code collaboration and version control"
description: "Leichtgewichtiger Self-Hosted Git-Service für Code-Kollaboration, Versionskontrolle und Dokumentation"
domains: [] # Domain-agnostic
phases:
- "collaboration"
@@ -325,13 +476,11 @@ tools:
skillLevel: "intermediate"
accessType: "self-hosted"
url: "https://git.example.lab"
projectUrl: ""
projectUrl: "https://gitea.cc24.dev"
license: "MIT"
tags: ["version-control", "git", "code-collaboration", "documentation"]
isHosted: true
tags: ["version-control", "git", "documentation", "lightweight"]
statusUrl: "https://uptime.example.lab/api/badge/11/status"
# Domain definitions for reference
domains:
- id: "storage-file-system"