From c01a73bbb71ba0ecdc411760c0bc375afff39f04 Mon Sep 17 00:00:00 2001 From: overcuriousity Date: Sat, 19 Jul 2025 23:15:57 +0200 Subject: [PATCH] make icons --- dfir_yaml_editor.html | 551 +++++++++++++++++++++----- public/fingerprint_scope_logo.svg | 60 --- src/components/AIQueryInterface.astro | 8 +- src/components/ToolCard.astro | 21 +- src/components/ToolMatrix.astro | 32 +- src/data/tools.yaml | 232 ++++++----- src/pages/index.astro | 7 +- src/utils/dataService.ts | 2 +- 8 files changed, 632 insertions(+), 281 deletions(-) delete mode 100644 public/fingerprint_scope_logo.svg diff --git a/dfir_yaml_editor.html b/dfir_yaml_editor.html index 7766f38..fe92f47 100644 --- a/dfir_yaml_editor.html +++ b/dfir_yaml_editor.html @@ -146,10 +146,26 @@ box-shadow: 0 8px 15px rgba(0,0,0,0.15); } + .tool-card.method { + border-left: 4px solid #9b59b6; + background: linear-gradient(135deg, #f8f9fa 0%, #f4f1ff 100%); + } + + .tool-card.software { + border-left: 4px solid #3498db; + } + .tool-card h3 { color: #2c3e50; margin-bottom: 10px; font-size: 1.3em; + display: flex; + align-items: center; + gap: 8px; + } + + .tool-icon { + font-size: 1.4em; } .tool-card p { @@ -169,6 +185,12 @@ margin: 2px; } + .tag.method-tag { + background: #e8e4ff; + color: #9b59b6; + font-weight: bold; + } + .tag.domain-agnostic { background: #e8f5e8; color: #27ae60; @@ -426,6 +448,42 @@ margin: 10px 0; border: 1px solid #c3e6cb; } + + .type-badge { + display: inline-block; + padding: 4px 8px; + border-radius: 12px; + font-size: 0.75em; + font-weight: bold; + text-transform: uppercase; + margin-left: 10px; + } + + .type-software { + background: #3498db; + color: white; + } + + .type-method { + background: #9b59b6; + color: white; + } + + .conditional-fields { + transition: opacity 0.3s ease; + } + + .conditional-fields.disabled { + opacity: 0.5; + pointer-events: none; + } + + .icon-input { + font-size: 1.5em; + text-align: center; + padding: 10px; + width: 80px; + } @@ -458,6 +516,14 @@
0
Total Tools
+
+
0
+
Software
+
+
+
0
+
Methods
+
0
Domains
@@ -496,7 +562,7 @@
- +
@@ -506,11 +572,31 @@

Add New Tool

-
+
+
+ + +
+
+ + +
+
+ +
+ + +
+ +
-
- -
- - -
- -
-
- - -
-
-
- - + +
+
+
+ + +
+
+ + +
+
+ + +
-
- - -
-
- - -
-
-
-
- - +
+
+ + +
+
+
+ + +
+
-
-
- -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - +
+ +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
@@ -633,6 +720,8 @@
+ + 0 selected
@@ -643,11 +732,14 @@ + +
+
@@ -724,6 +816,25 @@ } } + function handleTypeChange() { + const type = document.getElementById('toolType').value; + const softwareFields = document.getElementById('softwareFields'); + + if (type === 'method') { + softwareFields.classList.add('disabled'); + // Clear software-specific fields for methods + document.getElementById('projectUrl').value = ''; + document.getElementById('license').value = ''; + document.getElementById('accessType').value = ''; + document.getElementById('statusUrl').value = ''; + document.getElementById('knowledgebase').checked = false; + // Clear platform checkboxes + document.querySelectorAll('#platformsCheckbox input').forEach(cb => cb.checked = false); + } else { + softwareFields.classList.remove('disabled'); + } + } + function showMessage(message, type = 'success') { const messageArea = document.getElementById('messageArea'); const className = type === 'error' ? 'error-message' : 'success-message'; @@ -757,24 +868,56 @@ } function loadSampleData() { - // This would load from your existing YAML data - // For brevity, I'll just show the structure try { const sampleData = { - tools: [], // Your existing tools - domains: [], // Your existing domains - phases: [], // Your existing phases - "domain-agnostic-software": [ + tools: [ { - id: "collaboration-general", - name: "Übergreifend & Kollaboration", - description: "Cross-cutting tools and collaboration platforms" + name: "Autopsy", + icon: "📱", + type: "software", + description: "The leading open-source digital forensics platform.", + domains: ["incident-response", "law-enforcement"], + phases: ["examination", "analysis"], + platforms: ["Windows", "Linux"], + skillLevel: "intermediate", + accessType: "download", + url: "https://www.autopsy.com/", + projectUrl: "", + license: "Apache 2.0", + knowledgebase: false, + tags: ["gui", "filesystem", "timeline-analysis", "carving"] }, { - id: "specific-os", - name: "Betriebssysteme", - description: "Operating Systems which focus on forensics" + name: "Live Memory Acquisition Procedure", + icon: "🧠", + type: "method", + description: "Standardized procedure for forensically sound memory acquisition.", + domains: ["incident-response", "law-enforcement"], + phases: ["data-collection"], + platforms: [], + skillLevel: "advanced", + accessType: null, + url: "https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response", + projectUrl: null, + license: null, + knowledgebase: false, + tags: ["memory-acquisition", "volatile-evidence", "procedure"] } + ], + domains: [ + { id: "incident-response", name: "Incident Response & Breach Investigation" }, + { id: "law-enforcement", name: "Law Enforcement & Criminal Investigation" }, + { id: "malware-analysis", name: "Malware Analysis & Reverse Engineering" } + ], + phases: [ + { id: "data-collection", name: "Data Collection", description: "Imaging, Acquisition, Remote Collection Tools" }, + { id: "examination", name: "Examination", description: "Parsing, Extraction, Initial Analysis Tools" }, + { id: "analysis", name: "Analysis", description: "Deep Analysis, Correlation, Visualization Tools" }, + { id: "reporting", name: "Reporting", description: "Documentation, Visualization, Presentation Tools" } + ], + "domain-agnostic-software": [ + { id: "collaboration-general", name: "Collaboration & General", description: "Cross-cutting tools and collaboration platforms" }, + { id: "specific-os", name: "Operating Systems", description: "Operating Systems which focus on forensics" } ] }; yamlData = sampleData; @@ -808,6 +951,12 @@ const tools = yamlData.tools; document.getElementById('totalTools').textContent = tools.length; + + const softwareCount = tools.filter(tool => tool.type === 'software').length; + const methodCount = tools.filter(tool => tool.type === 'method').length; + document.getElementById('softwareCount').textContent = softwareCount; + document.getElementById('methodCount').textContent = methodCount; + document.getElementById('totalDomains').textContent = yamlData.domains ? yamlData.domains.length : 0; document.getElementById('totalPhases').textContent = yamlData.phases ? yamlData.phases.length : 0; document.getElementById('totalDomainAgnostic').textContent = yamlData['domain-agnostic-software'] ? yamlData['domain-agnostic-software'].length : 0; @@ -973,11 +1122,12 @@ function createToolCard(tool, index) { const card = document.createElement('div'); - card.className = 'tool-card'; + card.className = `tool-card ${tool.type || 'software'}`; const skillClass = `skill-${tool.skillLevel || 'intermediate'}`; const tags = (tool.tags || []).map(tag => `${tag}`).join(''); const knowledgebaseIndicator = tool.knowledgebase ? '📚 Knowledgebase' : ''; + const typeIndicator = `${tool.type || 'software'}`; // Add domain-agnostic indicators const domainAgnosticTags = (tool['domain-agnostic-software'] || []).map(cat => { @@ -986,7 +1136,11 @@ }).join(''); card.innerHTML = ` -

${tool.name}

+

+ ${tool.icon ? `${tool.icon}` : ''} + ${tool.name} + ${typeIndicator} +

${tool.skillLevel || 'intermediate'}
${knowledgebaseIndicator} @@ -1004,16 +1158,21 @@ function createBulkToolCard(tool, index) { const card = document.createElement('div'); - card.className = 'tool-card'; + card.className = `tool-card ${tool.type || 'software'}`; const skillClass = `skill-${tool.skillLevel || 'intermediate'}`; const isSelected = selectedTools.has(index); const knowledgebaseIndicator = tool.knowledgebase ? '📚 KB' : ''; + const typeIndicator = `${tool.type || 'software'}`; card.innerHTML = `
-

${tool.name}

+

+ ${tool.icon ? `${tool.icon}` : ''} + ${tool.name} +

+ ${typeIndicator} ${knowledgebaseIndicator}
${tool.skillLevel || 'intermediate'}
@@ -1046,6 +1205,7 @@ const searchableText = [ tool.name || '', tool.description || '', + tool.type || '', ...(tool.tags || []), ...(tool.domains || []), ...(tool.phases || []), @@ -1077,6 +1237,8 @@ // Populate form fields document.getElementById('toolName').value = tool.name || ''; + document.getElementById('toolType').value = tool.type || 'software'; + document.getElementById('toolIcon').value = tool.icon || ''; document.getElementById('description').value = tool.description || ''; document.getElementById('skillLevel').value = tool.skillLevel || ''; document.getElementById('url').value = tool.url || ''; @@ -1086,6 +1248,9 @@ document.getElementById('statusUrl').value = tool.statusUrl || ''; document.getElementById('knowledgebase').checked = tool.knowledgebase || false; + // Handle conditional fields + handleTypeChange(); + // Set checkboxes setCheckboxValues('#platformsCheckbox input', tool.platforms || []); setCheckboxValues('#domainsCheckbox input', tool.domains || []); @@ -1149,36 +1314,70 @@ yamlData.tools = []; } + const toolType = document.getElementById('toolType').value; const tool = { name: document.getElementById('toolName').value, + type: toolType, description: document.getElementById('description').value, domains: getCheckedValues('#domainsCheckbox input:checked'), phases: getCheckedValues('#phasesCheckbox input:checked'), - platforms: getCheckedValues('#platformsCheckbox input:checked'), - 'domain-agnostic-software': getCheckedValues('#domainAgnosticCheckbox input:checked'), skillLevel: document.getElementById('skillLevel').value, - accessType: document.getElementById('accessType').value, url: document.getElementById('url').value, - projectUrl: document.getElementById('projectUrl').value, - license: document.getElementById('license').value, - knowledgebase: document.getElementById('knowledgebase').checked, tags: getTags() }; + // Add icon if provided + const icon = document.getElementById('toolIcon').value.trim(); + if (icon) { + tool.icon = icon; + } + + // Add software-specific fields + if (toolType === 'software') { + tool.platforms = getCheckedValues('#platformsCheckbox input:checked'); + tool.accessType = document.getElementById('accessType').value; + tool.projectUrl = document.getElementById('projectUrl').value; + tool.license = document.getElementById('license').value; + tool.knowledgebase = document.getElementById('knowledgebase').checked; + + const statusUrl = document.getElementById('statusUrl').value; + if (statusUrl) { + tool.statusUrl = statusUrl; + } + } else { + // For methods, set appropriate defaults + tool.platforms = []; + tool.accessType = null; + tool.projectUrl = null; + tool.license = null; + tool.knowledgebase = false; + } + + // Add domain-agnostic software if selected + const domainAgnostic = getCheckedValues('#domainAgnosticCheckbox input:checked'); + if (domainAgnostic.length > 0) { + tool['domain-agnostic-software'] = domainAgnostic; + } else { + tool['domain-agnostic-software'] = null; + } + // Clean up empty arrays and null values Object.keys(tool).forEach(key => { if (Array.isArray(tool[key]) && tool[key].length === 0) { - delete tool[key]; + if (key === 'platforms' && toolType === 'method') { + tool[key] = []; // Keep empty array for methods + } else { + delete tool[key]; + } } else if (tool[key] === '' || tool[key] === null) { - delete tool[key]; + if ((key === 'accessType' || key === 'projectUrl' || key === 'license') && toolType === 'method') { + tool[key] = null; // Keep null for methods + } else { + delete tool[key]; + } } }); - const statusUrl = document.getElementById('statusUrl').value; - if (statusUrl) { - tool.statusUrl = statusUrl; - } - if (currentEditingIndex >= 0) { yamlData.tools[currentEditingIndex] = tool; showMessage('Tool updated successfully!'); @@ -1213,6 +1412,7 @@ document.getElementById('tagContainer').querySelectorAll('.removable-tag').forEach(tag => tag.remove()); document.getElementById('editorTitle').textContent = 'Add New Tool'; document.getElementById('deleteBtn').style.display = 'none'; + document.getElementById('softwareFields').classList.remove('disabled'); currentEditingIndex = -1; } @@ -1251,6 +1451,18 @@ } } + function selectByType(type) { + if (yamlData && yamlData.tools) { + yamlData.tools.forEach((tool, index) => { + if (tool.type === type) { + selectedTools.add(index); + } + }); + updateSelectionCount(); + renderBulkGrid(); + } + } + function clearSelection() { selectedTools.clear(); updateSelectionCount(); @@ -1261,6 +1473,111 @@ document.getElementById('selectionCount').textContent = `${selectedTools.size} selected`; } + function showIconSuggestions() { + const suggestions = `DFIR Tool Icons by Operational Mode: + +📦 Downloaded/Installed 🌐 Web Application ☁️ Cloud Service +🖥️ Operating System ⌨️ Command Line 📡 Server/Self-hosted +🔧 Hardware Tool 💰 Commercial ⚙️ Built-in/System +📱 Mobile Application 🔗 API/Library 📋 Method/Procedure + +🖲️ Remote Access 💻 Desktop GUI 🛠️ Utility/Helper +🏢 Enterprise Platform 🔓 Open Source 🎯 Specialized Tool +📊 Analysis Platform 🗄️ Database/Storage 🔄 Processing Engine + +Most common combinations: +📦 + 🔓 = Open Source Desktop Software +🌐 + ☁️ = Cloud Web Application +🖥️ + 🔓 = Forensic Live OS +⌨️ + 🔧 = Command Line Utility +📋 + 🎯 = Specialized Method + +Click any emoji to copy it, then paste into the icon field.`; + + alert(suggestions); + } + + function bulkUpdateIcons() { + if (selectedTools.size === 0) { + showMessage('No tools selected', 'error'); + return; + } + + // Show operational mode-focused icon suggestions + const suggestedIcons = ` +DFIR Tool Icons by Operational Mode: + +📦 Downloaded/Installed 🌐 Web Application ☁️ Cloud Service +🖥️ Operating System ⌨️ Command Line 📡 Server/Self-hosted +🔧 Hardware Tool 💰 Commercial ⚙️ Built-in/System +📱 Mobile Application 🔗 API/Library 📋 Method/Procedure + +🖲️ Remote Access 💻 Desktop GUI 🛠️ Utility/Helper +🏢 Enterprise Platform 🔓 Open Source 🎯 Specialized Tool +📊 Analysis Platform 🗄️ Database/Storage 🔄 Processing Engine + +Quick suggestions by access type: +• Downloaded Software: 📦 +• Web Applications: 🌐 +• Cloud Services: ☁️ +• Operating Systems: 🖥️ +• Command Line: ⌨️ +• Hardware: 🔧 +• Methods/Procedures: 📋`; + + const icon = prompt(`Enter emoji icon (single character) or leave empty to remove:\n\n${suggestedIcons}`); + + if (icon !== null) { // Allow empty string to remove icons + const trimmedIcon = icon.trim(); + if (trimmedIcon.length > 2) { + showMessage('Icon should be a single emoji character', 'error'); + return; + } + + selectedTools.forEach(index => { + if (trimmedIcon === '') { + delete yamlData.tools[index].icon; // Remove icon field entirely + } else { + yamlData.tools[index].icon = trimmedIcon; + } + }); + + const action = trimmedIcon === '' ? 'removed icons from' : 'updated icons for'; + showMessage(`Successfully ${action} ${selectedTools.size} tools`); + renderBulkGrid(); + renderToolsGrid(); // Update tools view if visible + } + } + + function bulkUpdateType() { + if (selectedTools.size === 0) { + showMessage('No tools selected', 'error'); + return; + } + + const type = prompt('Enter type (software/method):'); + if (type && ['software', 'method'].includes(type)) { + selectedTools.forEach(index => { + yamlData.tools[index].type = type; + + // Handle method-specific cleanup + if (type === 'method') { + yamlData.tools[index].platforms = []; + yamlData.tools[index].accessType = null; + yamlData.tools[index].projectUrl = null; + yamlData.tools[index].license = null; + yamlData.tools[index].knowledgebase = false; + if (yamlData.tools[index].statusUrl) { + delete yamlData.tools[index].statusUrl; + } + } + }); + showMessage(`Updated type for ${selectedTools.size} tools`); + updateStats(); + renderBulkGrid(); + } + } + function bulkUpdateSkillLevel() { if (selectedTools.size === 0) { showMessage('No tools selected', 'error'); @@ -1352,19 +1669,29 @@ return; } - const action = value ? 'set as knowledgebase' : 'remove knowledgebase flag from'; - if (!confirm(`Are you sure you want to ${action} ${selectedTools.size} selected tools?`)) { + // Only apply to software tools + const softwareTools = Array.from(selectedTools).filter(index => + yamlData.tools[index].type === 'software' + ); + + if (softwareTools.length === 0) { + showMessage('No software tools selected (knowledgebase only applies to software)', 'error'); return; } - selectedTools.forEach(index => { + const action = value ? 'set as knowledgebase' : 'remove knowledgebase flag from'; + if (!confirm(`Are you sure you want to ${action} ${softwareTools.length} selected software tools?`)) { + return; + } + + softwareTools.forEach(index => { if (yamlData.tools[index]) { yamlData.tools[index].knowledgebase = value; } }); const actionCompleted = value ? 'marked as knowledgebase' : 'removed knowledgebase flag from'; - showMessage(`Successfully ${actionCompleted} ${selectedTools.size} tools`); + showMessage(`Successfully ${actionCompleted} ${softwareTools.length} software tools`); updateStats(); renderBulkGrid(); @@ -1383,11 +1710,23 @@ selectedTools.forEach(index => { if (yamlData.tools[index]) { + const tool = yamlData.tools[index]; const arrayFields = ['tags', 'domains', 'phases', 'platforms', 'domain-agnostic-software']; + if (arrayFields.includes(fieldName)) { - yamlData.tools[index][fieldName] = []; + if (fieldName === 'platforms' && tool.type === 'method') { + tool[fieldName] = []; // Keep empty array for methods + } else { + tool[fieldName] = []; + } + } else if (fieldName === 'icon') { + delete tool.icon; // Remove icon field entirely } else { - yamlData.tools[index][fieldName] = ''; + if ((fieldName === 'projectUrl' || fieldName === 'accessType' || fieldName === 'license') && tool.type === 'method') { + tool[fieldName] = null; // Keep null for methods + } else { + tool[fieldName] = ''; + } } } }); @@ -1399,6 +1738,9 @@ } renderBulkGrid(); + if (fieldName === 'icon') { + renderToolsGrid(); // Update tools view to reflect icon changes + } } function bulkDelete() { @@ -1438,6 +1780,25 @@ if (!tool.name) validationResults.push(`❌ Tool ${index + 1}: Missing name`); if (!tool.description) validationResults.push(`❌ Tool ${index + 1}: Missing description`); if (!tool.skillLevel) validationResults.push(`❌ Tool ${index + 1}: Missing skillLevel`); + if (!tool.type) validationResults.push(`❌ Tool ${index + 1}: Missing type`); + if (tool.type && !['software', 'method'].includes(tool.type)) { + validationResults.push(`❌ Tool ${index + 1}: Invalid type (must be 'software' or 'method')`); + } + + // Software-specific validation + if (tool.type === 'software') { + if (!tool.platforms || tool.platforms.length === 0) { + validationResults.push(`❌ Tool ${index + 1}: Software must have platforms`); + } + if (!tool.license) validationResults.push(`❌ Tool ${index + 1}: Software should have license`); + } + + // Method-specific validation + if (tool.type === 'method') { + if (tool.platforms && tool.platforms.length > 0) { + validationResults.push(`⚠️ Tool ${index + 1}: Methods should not have platforms`); + } + } }); } diff --git a/public/fingerprint_scope_logo.svg b/public/fingerprint_scope_logo.svg deleted file mode 100644 index 35a8af9..0000000 --- a/public/fingerprint_scope_logo.svg +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/components/AIQueryInterface.astro b/src/components/AIQueryInterface.astro index d2e8f8f..fdab0f2 100644 --- a/src/components/AIQueryInterface.astro +++ b/src/components/AIQueryInterface.astro @@ -461,7 +461,10 @@ document.addEventListener('DOMContentLoaded', () => {
-

${tool.name}

+

+ ${tool.icon ? `${tool.icon}` : ''} + ${tool.name} +

${tool.recommendation.priority} @@ -474,9 +477,8 @@ document.addEventListener('DOMContentLoaded', () => {
- ${tool.type === 'method' ? 'Methode' : ''} ${tool.type !== 'method' && hasValidProjectUrl ? 'CC24-Server' : ''} - ${tool.type !== 'method' && tool.license !== 'Proprietary' ? 'Open Source' : ''} + ${tool.knowledgebase === true ? '📖' : ''} ${tool.skillLevel}
diff --git a/src/components/ToolCard.astro b/src/components/ToolCard.astro index f8fc161..69e6648 100644 --- a/src/components/ToolCard.astro +++ b/src/components/ToolCard.astro @@ -2,6 +2,7 @@ export interface Props { tool: { name: string; + icon?: string; type?: string; description: string; domains: string[]; @@ -38,16 +39,18 @@ const cardClass = isMethod ? 'card card-method tool-card' : (tool.license !== 'Proprietary' ? 'card card-oss tool-card' : 'card tool-card'); --- -
- +
+
-

{tool.name}

-
- {isMethod && Methode} - {!isMethod && hasValidProjectUrl && CC24-Server} - {!isMethod && tool.license !== 'Proprietary' && OSS} - {hasKnowledgebase && 📖} -
+

+ {tool.icon && {tool.icon}} + {tool.name} +

+
+ + {!isMethod && hasValidProjectUrl && CC24-Server} + {hasKnowledgebase && 📖} +
diff --git a/src/components/ToolMatrix.astro b/src/components/ToolMatrix.astro index 6a43c65..e2a7416 100644 --- a/src/components/ToolMatrix.astro +++ b/src/components/ToolMatrix.astro @@ -65,11 +65,13 @@ domains.forEach((domain: any) => {
-

{tool.name}

+

+ {tool.icon && {tool.icon}} + {tool.name} +

{hasValidProjectUrl && CC24-Server} - {tool.license !== 'Proprietary' && OSS} - {tool.knowledgebase === true && Infos 📖} + {tool.knowledgebase === true && 📖}

@@ -249,29 +251,25 @@ domains.forEach((domain: any) => { const isMethod = tool.type === 'method'; // Update modal content - document.getElementById('tool-name').textContent = tool.name; + const toolNameElement = document.getElementById('tool-name'); + const iconHtml = tool.icon ? `${tool.icon}` : ''; + toolNameElement.innerHTML = `${iconHtml}${tool.name}`; document.getElementById('tool-description').textContent = tool.description; - - // Badges + + // Badges - Only CC24-Server and Knowledgebase const badgesContainer = document.getElementById('tool-badges'); const hasValidProjectUrl = tool.projectUrl !== undefined && tool.projectUrl !== null && tool.projectUrl !== "" && tool.projectUrl.trim() !== ""; - + badgesContainer.innerHTML = ''; - if (isMethod) { - badgesContainer.innerHTML += 'Methode'; - } else { - if (hasValidProjectUrl) { - badgesContainer.innerHTML += 'CC24-Server'; - } - if (tool.license !== 'Proprietary') { - badgesContainer.innerHTML += 'Open Source'; - } + // Only show CC24-Server and Knowledgebase badges + if (!isMethod && hasValidProjectUrl) { + badgesContainer.innerHTML += 'CC24-Server'; } if (tool.knowledgebase === true) { - badgesContainer.innerHTML += 'Infos 📖'; + badgesContainer.innerHTML += '📖'; } // Metadata - safe array handling diff --git a/src/data/tools.yaml b/src/data/tools.yaml index 8205ee8..7a68d42 100644 --- a/src/data/tools.yaml +++ b/src/data/tools.yaml @@ -1,5 +1,6 @@ tools: - name: Autopsy + icon: 📦 type: software description: >- Die führende Open-Source-Alternative zu kommerziellen Forensik-Suiten mit @@ -35,10 +36,11 @@ tools: - artifact-extraction - keyword-search - name: Volatility 3 + icon: 📦 type: software description: >- - Das Schweizer Taschenmesser der Memory-Forensik, unverzichtbar für die - Analyse von RAM-Dumps. Mit über 100 Plugins extrahiert es Prozesse, + Das Universalwerkzeug der Live-Forensik, unverzichtbar für die Analyse von + RAM-Dumps. Mit über 100 Plugins extrahiert es Prozesse, Netzwerkverbindungen, Registry-Keys und versteckte Malware aus dem Arbeitsspeicher. Die Python-basierte Architektur macht es flexibel erweiterbar, erfordert aber solide Kommandozeilen-Kenntnisse. Version 3 @@ -71,6 +73,7 @@ tools: - scripting - process-analysis - name: TheHive 5 + icon: 🌐 type: software description: >- Moderne Security-Orchestrierungs-Plattform für die koordinierte @@ -106,6 +109,7 @@ tools: - incident-tracking statusUrl: https://uptime.example.lab/api/badge/1/status - name: MISP + icon: 🌐 type: software description: >- Das Rückgrat des modernen Threat-Intelligence-Sharings mit über 40.000 @@ -140,6 +144,7 @@ tools: - automation statusUrl: https://status.mikoshi.de/api/badge/34/status - name: Timesketch + icon: 📦 type: software description: >- Google's Open-Source-Lösung für kollaborative Timeline-Analyse großer @@ -173,6 +178,7 @@ tools: - correlation statusUrl: https://uptime.example.lab/api/badge/3/status - name: Wireshark + icon: 📦 type: software description: >- Der unangefochtene König der Netzwerk-Protokoll-Analyse mit Support für @@ -209,6 +215,7 @@ tools: - visualization - filtering - name: Magnet AXIOM + icon: 📦 type: software description: >- Die Rolls-Royce unter den kommerziellen Forensik-Suiten mit @@ -244,6 +251,7 @@ tools: - automated-analysis - reporting - name: Cellebrite UFED + icon: 📦 type: software description: >- Der Goldstandard der mobilen Forensik mit legendären @@ -276,6 +284,7 @@ tools: - hardware-interface - automated-analysis - name: Cuckoo Sandbox 3 + icon: 🌐 type: software description: >- Die führende Open-Source-Sandbox für automatisierte Malware-Analyse in @@ -308,6 +317,7 @@ tools: - virtualization - automated-analysis - name: Ghidra + icon: 📦 type: software description: >- NSAs Geschenk an die Reverse-Engineering-Community als mächtige @@ -340,6 +350,7 @@ tools: - scripting - static-analysis - name: Plaso (log2timeline) + icon: 📦 type: software description: >- Der industrielle Staubsauger für Zeitstempel - extrahiert aus hunderten @@ -375,6 +386,7 @@ tools: - artifact-extraction - scripting - name: CyberChef + icon: 🌐 type: software description: >- Das digitale Schweizer Taschenmesser für Daten-Manipulation mit über 300 @@ -407,6 +419,7 @@ tools: - visualization - parsing - name: Velociraptor + icon: 🌐 type: software description: >- Die nächste Evolution der Endpoint-Forensik mit skalierbarer @@ -447,6 +460,7 @@ tools: - hunting statusUrl: https://status.mikoshi.de/api/badge/33/status - name: GRR Rapid Response + icon: 🌐 type: software description: >- Googles Antwort auf Enterprise-Scale-Forensik für die Untersuchung von @@ -483,6 +497,7 @@ tools: - live-forensics - fleet-management - name: Arkime + icon: 📦 type: software description: >- Das Heavy-Metal-Tool für Full-Packet-Capture mit der Fähigkeit, Petabytes @@ -517,6 +532,7 @@ tools: - api - big-data - name: NetworkMiner + icon: 📦 type: software description: >- Der benutzerfreundliche kleine Bruder von Wireshark mit Fokus auf Forensik @@ -550,6 +566,7 @@ tools: - parsing - session-reconstruction - name: ExifTool + icon: 📦 type: software description: >- Der Metadaten-Maestro, der aus über 1000 Dateiformaten verborgene @@ -585,6 +602,7 @@ tools: - scripting - batch-processing - name: Chainalysis + icon: 📦 type: software description: >- Der Platzhirsch der Blockchain-Forensik mit Zugriff auf die größte @@ -616,6 +634,7 @@ tools: - api - reporting - name: Neo4j + icon: 🌐 type: software description: >- Die führende Graph-Datenbank verwandelt komplexe Beziehungsgeflechte in @@ -654,6 +673,7 @@ tools: - query-language statusUrl: https://status.mikoshi.de/api/badge/32/status - name: QGIS + icon: 📦 type: software description: >- Das Open-Source-GIS-Kraftpaket für die Visualisierung von Geodaten in @@ -687,6 +707,7 @@ tools: - scripting - reporting - name: Nextcloud + icon: 🌐 type: software description: >- Die Open-Source-Cloud-Suite als sichere Kollaborations-Zentrale für @@ -724,6 +745,7 @@ tools: - document-management statusUrl: https://status.mikoshi.de/api/badge/11/status - name: Gitea + icon: 🌐 type: software description: >- Das leichtgewichtige Git-Repository für die Versionierung von @@ -755,6 +777,7 @@ tools: - ci-cd statusUrl: https://status.mikoshi.de/api/badge/18/status - name: Binwalk + icon: 📦 type: software description: >- Der Firmware-Flüsterer, der aus IoT-Geräten und Routern ihre Geheimnisse @@ -786,6 +809,7 @@ tools: - extraction - scripting - name: LibreOffice + icon: 📦 type: software description: >- Die freie Office-Suite, die mehr kann als nur Berichte schreiben. Calc @@ -847,18 +871,8 @@ tools: - examination - analysis - reporting - platforms: - - Windows - - macOS - - Web - domain-agnostic-software: - - collaboration-general skillLevel: novice - accessType: commercial url: https://www.office.com/ - projectUrl: '' - license: Proprietary - knowledgebase: false tags: - gui - document-creation @@ -866,7 +880,18 @@ tools: - collaboration - cloud-based - reporting + icon: ☁️ + platforms: + - Windows + - macOS + - Web + accessType: commercial + license: Proprietary + knowledgebase: false + domain-agnostic-software: + - collaboration-general - name: GraphSense + icon: 🌐 type: software description: >- Die europäische Alternative zu Chainalysis mit Open-Source-Kern und Fokus @@ -898,14 +923,15 @@ tools: - api - big-data - name: FTK Imager + icon: 📦 type: software description: >- Der Oldtimer unter den Imaging-Tools, aber immer noch zuverlässig wie ein - Schweizer Uhrwerk. Erstellt bit-genaue Kopien von Festplatten mit - integrierter Hash-Verifizierung für die Beweiskette. Die kostenlose - Version reicht für die meisten Aufgaben, unterstützt alle gängigen - Image-Formate. Etwas angestaubt in der Oberfläche, aber bewährt in - tausenden Gerichtsverfahren. Freeware, aber nicht open source. + Uhrwerk. Erstellt bit-genaue Kopien von Festplatten mit integrierter + Hash-Verifizierung für die Beweiskette. Die kostenlose Version reicht für + die meisten Aufgaben, unterstützt alle gängigen Image-Formate. Etwas + angestaubt in der Oberfläche, aber bewährt in tausenden Gerichtsverfahren. + Freeware, aber nicht open source. domains: - law-enforcement - incident-response @@ -928,6 +954,7 @@ tools: - verification - write-blocking - name: Guymager + icon: 📦 type: software description: >- Das schlanke Linux-Imaging-Tool mit Fokus auf Performance und @@ -957,6 +984,7 @@ tools: - multi-threading - write-blocking - name: Fuji + icon: 📦 type: software description: >- Der Geheimtipp für macOS-Forensiker - Live-Imaging ohne @@ -986,6 +1014,7 @@ tools: - filesystem - macos-specific - name: ALEAPP + icon: 📦 type: software description: >- Android-Forensik leicht gemacht - parst dutzende Apps und System-Artefakte @@ -1019,6 +1048,7 @@ tools: - reporting - timeline-analysis - name: iLEAPP + icon: 📦 type: software description: >- Das iOS-Pendant zu ALEAPP mit Fokus auf Apple's geschlossenem Ökosystem. @@ -1052,6 +1082,7 @@ tools: - reporting - ios-specific - name: VLEAPP + icon: 📦 type: software description: >- Die Zukunft der Fahrzeug-Forensik für vernetzte Autos und @@ -1086,7 +1117,7 @@ tools: - name: Kali Linux type: software description: >- - Die Schweizer Armee-Messer-Distribution mit über 600 vorinstallierten + Die wohlbekannte Hacker-Distribution mit über 600 vorinstallierten Security-Tools. Von Forensik über Penetration Testing bis Reverse Engineering ist alles an Bord. Die Live-Boot-Option ermöglicht forensische Untersuchungen ohne Installation. Regelmäßige Updates halten die @@ -1100,17 +1131,8 @@ tools: - mobile-forensics - cloud-forensics - ics-forensics - phases: [] - platforms: - - OS - domain-agnostic-software: - - specific-os skillLevel: intermediate - accessType: download url: https://kali.org/ - projectUrl: null - license: GPL-3.0 - knowledgebase: true tags: - live-boot - tool-collection @@ -1118,7 +1140,16 @@ tools: - forensics-suite - virtualization - arm-support + icon: 🖥 + platforms: + - OS + accessType: download + license: GPL-3.0 + knowledgebase: true + domain-agnostic-software: + - specific-os - name: dd + icon: 📦 type: software description: >- Das Unix-Urgestein für bit-genaues Kopieren von Datenträgern seit 1974. @@ -1149,6 +1180,7 @@ tools: - unix-tool - scripting - name: dcfldd + icon: 📦 type: software description: >- Die forensische Weiterentwicklung von dd mit eingebauter @@ -1178,6 +1210,7 @@ tools: - progress-monitoring - split-output - name: ewfacquire + icon: 📦 type: software description: >- Das Kommandozeilen-Tool für Expert Witness Format (E01) Images mit @@ -1208,6 +1241,7 @@ tools: - metadata - verification - name: PhotoRec + icon: 📦 type: software description: >- Der Datenretter in der Not - findet gelöschte Dateien ohne @@ -1240,6 +1274,7 @@ tools: - signature-based - cross-platform - name: Kismet + icon: 📦 type: software description: >- Der WLAN-Schnüffler der Extraklasse für Wireless-Forensik und @@ -1270,6 +1305,7 @@ tools: - passive-scanning - api - name: OSFMount + icon: 📦 type: software description: >- Mountet Disk-Images als virtuelle Laufwerke unter Windows für komfortable @@ -1300,6 +1336,7 @@ tools: - format-support - freeware - name: Thumbcache Viewer + icon: 📦 type: software description: >- Spezialist für Windows Thumbnail-Caches mit Zugriff auf gelöschte @@ -1330,6 +1367,7 @@ tools: - thumbnail-extraction - deleted-data - name: RegRipper + icon: 📦 type: software description: >- Der Windows-Registry-Experte mit hunderten Plugins für automatisierte @@ -1368,24 +1406,15 @@ tools: Regelbasierte Suche nach Strings, Byte-Sequenzen und regulären Ausdrücken. De-facto Standard für Malware-Signaturen mit riesiger Community-Rule-Sammlung. Integration in viele Forensik-Tools macht es zum - universellen Schweizer Messer. + Marktstandard. domains: - incident-response - malware-analysis phases: - examination - analysis - platforms: - - Windows - - Linux - - macOS - domain-agnostic-software: null skillLevel: intermediate - accessType: download url: https://virustotal.github.io/yara/ - projectUrl: '' - license: BSD-3-Clause - knowledgebase: false tags: - commandline - pattern-matching @@ -1393,7 +1422,16 @@ tools: - rule-engine - library - signature-based + icon: 🛠 + platforms: + - Windows + - Linux + - macOS + accessType: download + license: BSD-3-Clause + knowledgebase: false - name: Strings + icon: 📦 type: software description: >- Das simple Tool mit großer Wirkung - extrahiert lesbare Texte aus @@ -1434,21 +1472,12 @@ tools: Anreicherung großer Datensätze. domains: - incident-response - - network-forensics - fraud-investigation + - network-forensics phases: - analysis - platforms: - - Windows - - Linux - - macOS - domain-agnostic-software: null skillLevel: beginner - accessType: download url: https://www.maxmind.com/ - projectUrl: '' - license: GeoLite2 EULA / Commercial - knowledgebase: false tags: - api - geolocation @@ -1456,6 +1485,14 @@ tools: - database - enrichment - library + icon: 🗄 + platforms: + - Windows + - Linux + - macOS + accessType: download + license: GeoLite2 EULA / Commercial + knowledgebase: false - name: SIFT Workstation type: software description: >- @@ -1470,17 +1507,8 @@ tools: - malware-analysis - network-forensics - mobile-forensics - phases: [] - platforms: - - OS - domain-agnostic-software: - - specific-os skillLevel: intermediate - accessType: download url: https://www.sans.org/tools/sift-workstation/ - projectUrl: '' - license: Free / Mixed - knowledgebase: false tags: - virtual-machine - tool-collection @@ -1488,6 +1516,14 @@ tools: - training-focused - documentation - ubuntu-based + icon: 🖥 + platforms: + - OS + accessType: download + license: Free / Mixed + knowledgebase: false + domain-agnostic-software: + - specific-os - name: Tsurugi Linux type: software description: >- @@ -1503,21 +1539,22 @@ tools: - law-enforcement - malware-analysis - mobile-forensics - platforms: - - OS - domain-agnostic-software: - - specific-os skillLevel: intermediate - accessType: download url: https://tsurugi-linux.org/ - license: GPL / Mixed - knowledgebase: false tags: - live-boot - tool-collection - forensics-suite - mobile-focus - lightweight + icon: 🖥 + platforms: + - OS + accessType: download + license: GPL / Mixed + knowledgebase: false + domain-agnostic-software: + - specific-os - name: Parrot Security OS type: software description: >- @@ -1531,17 +1568,8 @@ tools: - law-enforcement - malware-analysis - network-forensics - phases: [] - platforms: - - OS - domain-agnostic-software: - - specific-os skillLevel: intermediate - accessType: download url: https://parrotsec.org/ - projectUrl: '' - license: GPL-3.0 - knowledgebase: false tags: - live-boot - privacy-focused @@ -1549,7 +1577,16 @@ tools: - rolling-release - lightweight - anonymization + icon: 🖥 + platforms: + - OS + accessType: download + license: GPL-3.0 + knowledgebase: false + domain-agnostic-software: + - specific-os - name: Eric Zimmerman Tools + icon: 📦 type: software description: >- Die Tool-Sammlung des Windows-Forensik-Gurus für Artefakt-Analyse. Von @@ -1579,6 +1616,7 @@ tools: - tool-collection - artifact-extraction - name: Impacket + icon: 📦 type: software description: >- Python-Bibliothek für Netzwerk-Protokoll-Manipulation und @@ -1612,6 +1650,7 @@ tools: - scripting - api - name: RSA NetWitness + icon: 📦 type: software description: >- Enterprise-Grade SIEM und Forensik-Plattform für große Netzwerke. @@ -1644,6 +1683,7 @@ tools: - machine-learning - enterprise - name: X-Ways Forensics + icon: 📦 type: software description: >- Der deutsche Präzisionsskalpell unter den Forensik-Tools mit @@ -1674,6 +1714,7 @@ tools: - german-made - hex-editor - name: EnCase + icon: 📦 type: software description: >- Der Veteran der kommerziellen Forensik-Tools mit 25 Jahren @@ -1705,6 +1746,7 @@ tools: - certification - scripting - name: FRED + icon: 🔧 type: software description: >- Forensic Recovery of Evidence Device - spezialisierte Hardware für @@ -1745,20 +1787,22 @@ tools: - data-collection - examination - analysis - platforms: - - Windows - - Linux - - macOS skillLevel: advanced - accessType: download url: https://github.com/microsoft/ics-forensics-tools - license: MIT - knowledgebase: false tags: - python - binary - scripting - - name: "Live Memory Acquisition Procedure" + icon: 🛠 + platforms: + - Windows + - Linux + - macOS + accessType: download + license: MIT + knowledgebase: false + - name: Live Memory Acquisition Procedure + icon: 📋 type: method description: >- Standardisiertes Verfahren zur forensisch korrekten Akquisition des @@ -1777,8 +1821,9 @@ tools: domain-agnostic-software: null skillLevel: advanced accessType: null - url: https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response - projectUrl: + url: >- + https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response + projectUrl: null license: null knowledgebase: false tags: @@ -1788,7 +1833,8 @@ tools: - ram-dump - evidence-preservation - procedure - - name: "Rapid Incident Response Triage on macOS" + - name: Rapid Incident Response Triage on macOS + icon: 📋 type: method description: >- Spezialisierte Methodik für die schnelle Incident Response auf @@ -1796,8 +1842,8 @@ tools: Artefakte in unter einer Stunde. Adressiert die Lücke zwischen Windows-zentrierten IR-Prozessen und macOS-spezifischen Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente - Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll - für Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften. + Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für + Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften. domains: - incident-response - law-enforcement @@ -1809,10 +1855,11 @@ tools: domain-agnostic-software: null skillLevel: intermediate accessType: null - url: https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/ - projectUrl: + url: >- + https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/ + projectUrl: null license: null - knowledgebase: + knowledgebase: null tags: - macos - rapid-response @@ -1822,14 +1869,15 @@ tools: - enterprise - methodology - apple - - name: "Aftermath" + - name: Aftermath + icon: 📦 type: software description: >- Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen, - Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen - ohne Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage - in Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und + Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne + Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in + Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und erstellt durchsuchbare Ausgabeformate für effiziente Analyse. domains: - incident-response diff --git a/src/pages/index.astro b/src/pages/index.astro index 256a688..fddbd20 100644 --- a/src/pages/index.astro +++ b/src/pages/index.astro @@ -353,13 +353,12 @@ function createToolCard(tool) { cardDiv.style.cursor = 'pointer'; cardDiv.onclick = () => (window as any).showToolDetails(tool.name); + cardDiv.innerHTML = `

-

${tool.name}

+

${tool.icon ? `${tool.icon}` : ''}${tool.name}

- ${isMethod ? 'Methode' : ''} - ${!isMethod && hasValidProjectUrl ? 'CC24-Server' : ''} - ${!isMethod && tool.license !== 'Proprietary' ? 'OSS' : ''} + ${!isMethod && hasValidProjectUrl ? 'Self-Hosted' : ''} ${hasKnowledgebase ? '📖' : ''}
diff --git a/src/utils/dataService.ts b/src/utils/dataService.ts index e5ad538..707f276 100644 --- a/src/utils/dataService.ts +++ b/src/utils/dataService.ts @@ -5,7 +5,7 @@ import { z } from 'zod'; const ToolSchema = z.object({ name: z.string(), - icon: z.string().optional(), + icon: z.string().optional().nullable(), type: z.string(), description: z.string(), domains: z.array(z.string()).optional().nullable().default([]),