mstoeck3/forensic-pathways
2
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Activity

make icons

Browse Source
This commit is contained in:
overcuriousity 2025-07-19 23:15:57 +02:00
parent 8cccb0f4a9
commit c01a73bbb7
8 changed files with 632 additions and 281 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

551
dfir_yaml_editor.html
View File

@ -146,10 +146,26 @@
box-shadow: 0 8px 15px rgba(0,0,0,0.15); box-shadow: 0 8px 15px rgba(0,0,0,0.15);
} }
.tool-card.method {
border-left: 4px solid #9b59b6;
background: linear-gradient(135deg, #f8f9fa 0%, #f4f1ff 100%);
}
.tool-card.software {
border-left: 4px solid #3498db;
}
.tool-card h3 { .tool-card h3 {
color: #2c3e50; color: #2c3e50;
margin-bottom: 10px; margin-bottom: 10px;
font-size: 1.3em; font-size: 1.3em;
display: flex;
align-items: center;
gap: 8px;
}
.tool-icon {
font-size: 1.4em;
} }
.tool-card p { .tool-card p {
@ -169,6 +185,12 @@
margin: 2px; margin: 2px;
} }
.tag.method-tag {
background: #e8e4ff;
color: #9b59b6;
font-weight: bold;
}
.tag.domain-agnostic { .tag.domain-agnostic {
background: #e8f5e8; background: #e8f5e8;
color: #27ae60; color: #27ae60;
@ -426,6 +448,42 @@
margin: 10px 0; margin: 10px 0;
border: 1px solid #c3e6cb; border: 1px solid #c3e6cb;
} }
.type-badge {
display: inline-block;
padding: 4px 8px;
border-radius: 12px;
font-size: 0.75em;
font-weight: bold;
text-transform: uppercase;
margin-left: 10px;
}
.type-software {
background: #3498db;
color: white;
}
.type-method {
background: #9b59b6;
color: white;
}
.conditional-fields {
transition: opacity 0.3s ease;
}
.conditional-fields.disabled {
opacity: 0.5;
pointer-events: none;
}
.icon-input {
font-size: 1.5em;
text-align: center;
padding: 10px;
width: 80px;
}
</style> </style>
</head> </head>
<body> <body>
@ -458,6 +516,14 @@
<div class="stat-number" id="totalTools">0</div> <div class="stat-number" id="totalTools">0</div>
<div class="stat-label">Total Tools</div> <div class="stat-label">Total Tools</div>
</div> </div>
<div class="stat-card">
<div class="stat-number" id="softwareCount">0</div>
<div class="stat-label">Software</div>
</div>
<div class="stat-card">
<div class="stat-number" id="methodCount">0</div>
<div class="stat-label">Methods</div>
</div>
<div class="stat-card"> <div class="stat-card">
<div class="stat-number" id="totalDomains">0</div> <div class="stat-number" id="totalDomains">0</div>
<div class="stat-label">Domains</div> <div class="stat-label">Domains</div>
@ -496,7 +562,7 @@
<!-- Tools Tab --> <!-- Tools Tab -->
<div id="tools" class="tab-content"> <div id="tools" class="tab-content">
<input type="text" class="search-bar" id="searchBar" placeholder="🔍 Search tools by name, description, tags, domains, phases, or domain-agnostic categories..." onkeyup="filterTools()" /> <input type="text" class="search-bar" id="searchBar" placeholder="🔍 Search tools by name, description, tags, domains, phases, or type..." onkeyup="filterTools()" />
<div class="tools-grid" id="toolsGrid"></div> <div class="tools-grid" id="toolsGrid"></div>
</div> </div>
@ -506,11 +572,31 @@
<h3 id="editorTitle">Add New Tool</h3> <h3 id="editorTitle">Add New Tool</h3>
<div id="messageArea"></div> <div id="messageArea"></div>
<form id="toolForm"> <form id="toolForm">
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px;"> <div style="display: grid; grid-template-columns: 1fr 1fr 100px; gap: 20px;">
<div class="form-group"> <div class="form-group">
<label for="toolName">Tool Name *</label> <label for="toolName">Tool Name *</label>
<input type="text" id="toolName" required /> <input type="text" id="toolName" required />
</div> </div>
<div class="form-group">
<label for="toolType">Type *</label>
<select id="toolType" required onchange="handleTypeChange()">
<option value="">Select Type</option>
<option value="software">Software</option>
<option value="method">Method</option>
</select>
</div>
<div class="form-group">
<label for="toolIcon">Icon <small style="color: #7f8c8d; cursor: pointer;" onclick="showIconSuggestions()" title="Click for suggestions">💡 suggestions</small></label>
<input type="text" id="toolIcon" class="icon-input" placeholder="🔧" maxlength="2" />
</div>
</div>
<div class="form-group">
<label for="description">Description *</label>
<textarea id="description" rows="3" required></textarea>
</div>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px;">
<div class="form-group"> <div class="form-group">
<label for="skillLevel">Skill Level *</label> <label for="skillLevel">Skill Level *</label>
<select id="skillLevel" required> <select id="skillLevel" required>
@ -522,74 +608,75 @@
<option value="expert">Expert</option> <option value="expert">Expert</option>
</select> </select>
</div> </div>
</div>
<div class="form-group">
<label for="description">Description *</label>
<textarea id="description" rows="3" required></textarea>
</div>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px;">
<div class="form-group"> <div class="form-group">
<label for="url">URL</label> <label for="url">URL</label>
<input type="url" id="url" /> <input type="url" id="url" />
</div> </div>
<div class="form-group">
<label for="projectUrl">Project URL</label>
<input type="url" id="projectUrl" />
</div>
</div> </div>
<div style="display: grid; grid-template-columns: 1fr 1fr 1fr; gap: 20px;"> <!-- Software-specific fields -->
<div class="form-group"> <div id="softwareFields" class="conditional-fields">
<label for="license">License</label> <div style="display: grid; grid-template-columns: 1fr 1fr 1fr; gap: 20px;">
<input type="text" id="license" /> <div class="form-group">
<label for="projectUrl">Project URL</label>
<input type="url" id="projectUrl" />
</div>
<div class="form-group">
<label for="license">License</label>
<input type="text" id="license" />
</div>
<div class="form-group">
<label for="accessType">Access Type</label>
<select id="accessType">
<option value="">Select Type</option>
<option value="download">Download</option>
<option value="server-based">CC24-Server</option>
<option value="commercial">Commercial</option>
<option value="built-in">Built-in</option>
</select>
</div>
</div> </div>
<div class="form-group">
<label for="accessType">Access Type</label>
<select id="accessType">
<option value="">Select Type</option>
<option value="download">Download</option>
<option value="server-based">CC24-Server</option>
<option value="commercial">Commercial</option>
<option value="OS">Operating System</option>
</select>
</div>
<div class="form-group">
<label for="statusUrl">Status URL</label>
<input type="url" id="statusUrl" />
</div>
</div>
<div class="form-group"> <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px;">
<div class="checkbox-item"> <div class="form-group">
<input type="checkbox" id="knowledgebase" /> <label for="statusUrl">Status URL</label>
<label for="knowledgebase">📚 Knowledgebase Tool</label> <input type="url" id="statusUrl" />
</div>
<div class="form-group">
<div class="checkbox-item">
<input type="checkbox" id="knowledgebase" />
<label for="knowledgebase">📚 Knowledgebase Tool</label>
</div>
</div>
</div> </div>
</div>
<div class="form-group"> <div class="form-group">
<label>Platforms</label> <label>Platforms</label>
<div class="checkbox-group" id="platformsCheckbox"> <div class="checkbox-group" id="platformsCheckbox">
<div class="checkbox-item"> <div class="checkbox-item">
<input type="checkbox" id="platform-windows" value="Windows"> <input type="checkbox" id="platform-windows" value="Windows">
<label for="platform-windows">Windows</label> <label for="platform-windows">Windows</label>
</div> </div>
<div class="checkbox-item"> <div class="checkbox-item">
<input type="checkbox" id="platform-linux" value="Linux"> <input type="checkbox" id="platform-linux" value="Linux">
<label for="platform-linux">Linux</label> <label for="platform-linux">Linux</label>
</div> </div>
<div class="checkbox-item"> <div class="checkbox-item">
<input type="checkbox" id="platform-macos" value="macOS"> <input type="checkbox" id="platform-macos" value="macOS">
<label for="platform-macos">macOS</label> <label for="platform-macos">macOS</label>
</div> </div>
<div class="checkbox-item"> <div class="checkbox-item">
<input type="checkbox" id="platform-web" value="Web"> <input type="checkbox" id="platform-web" value="Web">
<label for="platform-web">Web</label> <label for="platform-web">Web</label>
</div> </div>
<div class="checkbox-item"> <div class="checkbox-item">
<input type="checkbox" id="platform-os" value="OS"> <input type="checkbox" id="platform-os" value="OS">
<label for="platform-os">Operating System</label> <label for="platform-os">Operating System</label>
</div>
<div class="checkbox-item">
<input type="checkbox" id="platform-hardware" value="Hardware">
<label for="platform-hardware">Hardware</label>
</div>
</div> </div>
</div> </div>
</div> </div>
@ -633,6 +720,8 @@
<div style="margin: 20px 0;"> <div style="margin: 20px 0;">
<button class="btn" onclick="selectAllTools()">Select All</button> <button class="btn" onclick="selectAllTools()">Select All</button>
<button class="btn" onclick="selectByType('software')">Select Software</button>
<button class="btn" onclick="selectByType('method')">Select Methods</button>
<button class="btn" onclick="clearSelection()">Clear Selection</button> <button class="btn" onclick="clearSelection()">Clear Selection</button>
<span id="selectionCount" style="margin-left: 20px; font-weight: bold;">0 selected</span> <span id="selectionCount" style="margin-left: 20px; font-weight: bold;">0 selected</span>
</div> </div>
@ -643,11 +732,14 @@
<button class="btn btn-warning" onclick="bulkUpdatePhases()">Update Phases</button> <button class="btn btn-warning" onclick="bulkUpdatePhases()">Update Phases</button>
<button class="btn btn-warning" onclick="bulkUpdateDomainAgnostic()">Update Domain-Agnostic</button> <button class="btn btn-warning" onclick="bulkUpdateDomainAgnostic()">Update Domain-Agnostic</button>
<button class="btn btn-warning" onclick="bulkUpdateTags()">Update Tags</button> <button class="btn btn-warning" onclick="bulkUpdateTags()">Update Tags</button>
<button class="btn btn-warning" onclick="bulkUpdateType()">Update Type</button>
<button class="btn btn-warning" onclick="bulkUpdateIcons()">🎨 Update Icons</button>
</div> </div>
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin-top: 15px;"> <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin-top: 15px;">
<button class="btn" onclick="bulkSetKnowledgebase(true)">📚 Set as Knowledgebase</button> <button class="btn" onclick="bulkSetKnowledgebase(true)">📚 Set as Knowledgebase</button>
<button class="btn" onclick="bulkSetKnowledgebase(false)">📖 Remove Knowledgebase</button> <button class="btn" onclick="bulkSetKnowledgebase(false)">📖 Remove Knowledgebase</button>
<button class="btn" onclick="bulkClearField('icon')">🗑️ Clear Icons</button>
<button class="btn" onclick="bulkClearField('tags')">🗑️ Clear All Tags</button> <button class="btn" onclick="bulkClearField('tags')">🗑️ Clear All Tags</button>
<button class="btn" onclick="bulkClearField('domains')">🗑️ Clear All Domains</button> <button class="btn" onclick="bulkClearField('domains')">🗑️ Clear All Domains</button>
</div> </div>
@ -724,6 +816,25 @@
} }
} }
function handleTypeChange() {
const type = document.getElementById('toolType').value;
const softwareFields = document.getElementById('softwareFields');
if (type === 'method') {
softwareFields.classList.add('disabled');
// Clear software-specific fields for methods
document.getElementById('projectUrl').value = '';
document.getElementById('license').value = '';
document.getElementById('accessType').value = '';
document.getElementById('statusUrl').value = '';
document.getElementById('knowledgebase').checked = false;
// Clear platform checkboxes
document.querySelectorAll('#platformsCheckbox input').forEach(cb => cb.checked = false);
} else {
softwareFields.classList.remove('disabled');
}
}
function showMessage(message, type = 'success') { function showMessage(message, type = 'success') {
const messageArea = document.getElementById('messageArea'); const messageArea = document.getElementById('messageArea');
const className = type === 'error' ? 'error-message' : 'success-message'; const className = type === 'error' ? 'error-message' : 'success-message';
@ -757,24 +868,56 @@
} }
function loadSampleData() { function loadSampleData() {
// This would load from your existing YAML data
// For brevity, I'll just show the structure
try { try {
const sampleData = { const sampleData = {
tools: [], // Your existing tools tools: [
domains: [], // Your existing domains
phases: [], // Your existing phases
"domain-agnostic-software": [
{ {
id: "collaboration-general", name: "Autopsy",
name: "Übergreifend & Kollaboration", icon: "📱",
description: "Cross-cutting tools and collaboration platforms" type: "software",
description: "The leading open-source digital forensics platform.",
domains: ["incident-response", "law-enforcement"],
phases: ["examination", "analysis"],
platforms: ["Windows", "Linux"],
skillLevel: "intermediate",
accessType: "download",
url: "https://www.autopsy.com/",
projectUrl: "",
license: "Apache 2.0",
knowledgebase: false,
tags: ["gui", "filesystem", "timeline-analysis", "carving"]
}, },
{ {
id: "specific-os", name: "Live Memory Acquisition Procedure",
name: "Betriebssysteme", icon: "🧠",
description: "Operating Systems which focus on forensics" type: "method",
description: "Standardized procedure for forensically sound memory acquisition.",
domains: ["incident-response", "law-enforcement"],
phases: ["data-collection"],
platforms: [],
skillLevel: "advanced",
accessType: null,
url: "https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response",
projectUrl: null,
license: null,
knowledgebase: false,
tags: ["memory-acquisition", "volatile-evidence", "procedure"]
} }
],
domains: [
{ id: "incident-response", name: "Incident Response & Breach Investigation" },
{ id: "law-enforcement", name: "Law Enforcement & Criminal Investigation" },
{ id: "malware-analysis", name: "Malware Analysis & Reverse Engineering" }
],
phases: [
{ id: "data-collection", name: "Data Collection", description: "Imaging, Acquisition, Remote Collection Tools" },
{ id: "examination", name: "Examination", description: "Parsing, Extraction, Initial Analysis Tools" },
{ id: "analysis", name: "Analysis", description: "Deep Analysis, Correlation, Visualization Tools" },
{ id: "reporting", name: "Reporting", description: "Documentation, Visualization, Presentation Tools" }
],
"domain-agnostic-software": [
{ id: "collaboration-general", name: "Collaboration & General", description: "Cross-cutting tools and collaboration platforms" },
{ id: "specific-os", name: "Operating Systems", description: "Operating Systems which focus on forensics" }
] ]
}; };
yamlData = sampleData; yamlData = sampleData;
@ -808,6 +951,12 @@
const tools = yamlData.tools; const tools = yamlData.tools;
document.getElementById('totalTools').textContent = tools.length; document.getElementById('totalTools').textContent = tools.length;
const softwareCount = tools.filter(tool => tool.type === 'software').length;
const methodCount = tools.filter(tool => tool.type === 'method').length;
document.getElementById('softwareCount').textContent = softwareCount;
document.getElementById('methodCount').textContent = methodCount;
document.getElementById('totalDomains').textContent = yamlData.domains ? yamlData.domains.length : 0; document.getElementById('totalDomains').textContent = yamlData.domains ? yamlData.domains.length : 0;
document.getElementById('totalPhases').textContent = yamlData.phases ? yamlData.phases.length : 0; document.getElementById('totalPhases').textContent = yamlData.phases ? yamlData.phases.length : 0;
document.getElementById('totalDomainAgnostic').textContent = yamlData['domain-agnostic-software'] ? yamlData['domain-agnostic-software'].length : 0; document.getElementById('totalDomainAgnostic').textContent = yamlData['domain-agnostic-software'] ? yamlData['domain-agnostic-software'].length : 0;
@ -973,11 +1122,12 @@
function createToolCard(tool, index) { function createToolCard(tool, index) {
const card = document.createElement('div'); const card = document.createElement('div');
card.className = 'tool-card'; card.className = `tool-card ${tool.type || 'software'}`;
const skillClass = `skill-${tool.skillLevel || 'intermediate'}`; const skillClass = `skill-${tool.skillLevel || 'intermediate'}`;
const tags = (tool.tags || []).map(tag => `<span class="tag">${tag}</span>`).join(''); const tags = (tool.tags || []).map(tag => `<span class="tag">${tag}</span>`).join('');
const knowledgebaseIndicator = tool.knowledgebase ? '<span class="tag" style="background: #e8f5e8; color: #27ae60; font-weight: bold;">📚 Knowledgebase</span>' : ''; const knowledgebaseIndicator = tool.knowledgebase ? '<span class="tag" style="background: #e8f5e8; color: #27ae60; font-weight: bold;">📚 Knowledgebase</span>' : '';
const typeIndicator = `<span class="type-badge type-${tool.type || 'software'}">${tool.type || 'software'}</span>`;
// Add domain-agnostic indicators // Add domain-agnostic indicators
const domainAgnosticTags = (tool['domain-agnostic-software'] || []).map(cat => { const domainAgnosticTags = (tool['domain-agnostic-software'] || []).map(cat => {
@ -986,7 +1136,11 @@
}).join(''); }).join('');
card.innerHTML = ` card.innerHTML = `
<h3>${tool.name}</h3> <h3>
${tool.icon ? `<span class="tool-icon">${tool.icon}</span>` : ''}
${tool.name}
${typeIndicator}
</h3>
<div style="margin: 5px 0;"> <div style="margin: 5px 0;">
<div class="skill-badge ${skillClass}">${tool.skillLevel || 'intermediate'}</div> <div class="skill-badge ${skillClass}">${tool.skillLevel || 'intermediate'}</div>
${knowledgebaseIndicator} ${knowledgebaseIndicator}
@ -1004,16 +1158,21 @@
function createBulkToolCard(tool, index) { function createBulkToolCard(tool, index) {
const card = document.createElement('div'); const card = document.createElement('div');
card.className = 'tool-card'; card.className = `tool-card ${tool.type || 'software'}`;
const skillClass = `skill-${tool.skillLevel || 'intermediate'}`; const skillClass = `skill-${tool.skillLevel || 'intermediate'}`;
const isSelected = selectedTools.has(index); const isSelected = selectedTools.has(index);
const knowledgebaseIndicator = tool.knowledgebase ? '<span class="tag" style="background: #e8f5e8; color: #27ae60; font-weight: bold; margin-left: 10px;">📚 KB</span>' : ''; const knowledgebaseIndicator = tool.knowledgebase ? '<span class="tag" style="background: #e8f5e8; color: #27ae60; font-weight: bold; margin-left: 10px;">📚 KB</span>' : '';
const typeIndicator = `<span class="type-badge type-${tool.type || 'software'}" style="margin-left: 10px;">${tool.type || 'software'}</span>`;
card.innerHTML = ` card.innerHTML = `
<div style="display: flex; align-items: center; gap: 10px; margin-bottom: 10px;"> <div style="display: flex; align-items: center; gap: 10px; margin-bottom: 10px;">
<input type="checkbox" ${isSelected ? 'checked' : ''} onchange="toggleToolSelection(${index})" /> <input type="checkbox" ${isSelected ? 'checked' : ''} onchange="toggleToolSelection(${index})" />
<h3 style="margin: 0;">${tool.name}</h3> <h3 style="margin: 0; display: flex; align-items: center; gap: 8px;">
${tool.icon ? `<span class="tool-icon">${tool.icon}</span>` : ''}
${tool.name}
</h3>
${typeIndicator}
${knowledgebaseIndicator} ${knowledgebaseIndicator}
</div> </div>
<div class="skill-badge ${skillClass}">${tool.skillLevel || 'intermediate'}</div> <div class="skill-badge ${skillClass}">${tool.skillLevel || 'intermediate'}</div>
@ -1046,6 +1205,7 @@
const searchableText = [ const searchableText = [
tool.name || '', tool.name || '',
tool.description || '', tool.description || '',
tool.type || '',
...(tool.tags || []), ...(tool.tags || []),
...(tool.domains || []), ...(tool.domains || []),
...(tool.phases || []), ...(tool.phases || []),
@ -1077,6 +1237,8 @@
// Populate form fields // Populate form fields
document.getElementById('toolName').value = tool.name || ''; document.getElementById('toolName').value = tool.name || '';
document.getElementById('toolType').value = tool.type || 'software';
document.getElementById('toolIcon').value = tool.icon || '';
document.getElementById('description').value = tool.description || ''; document.getElementById('description').value = tool.description || '';
document.getElementById('skillLevel').value = tool.skillLevel || ''; document.getElementById('skillLevel').value = tool.skillLevel || '';
document.getElementById('url').value = tool.url || ''; document.getElementById('url').value = tool.url || '';
@ -1086,6 +1248,9 @@
document.getElementById('statusUrl').value = tool.statusUrl || ''; document.getElementById('statusUrl').value = tool.statusUrl || '';
document.getElementById('knowledgebase').checked = tool.knowledgebase || false; document.getElementById('knowledgebase').checked = tool.knowledgebase || false;
// Handle conditional fields
handleTypeChange();
// Set checkboxes // Set checkboxes
setCheckboxValues('#platformsCheckbox input', tool.platforms || []); setCheckboxValues('#platformsCheckbox input', tool.platforms || []);
setCheckboxValues('#domainsCheckbox input', tool.domains || []); setCheckboxValues('#domainsCheckbox input', tool.domains || []);
@ -1149,36 +1314,70 @@
yamlData.tools = []; yamlData.tools = [];
} }
const toolType = document.getElementById('toolType').value;
const tool = { const tool = {
name: document.getElementById('toolName').value, name: document.getElementById('toolName').value,
type: toolType,
description: document.getElementById('description').value, description: document.getElementById('description').value,
domains: getCheckedValues('#domainsCheckbox input:checked'), domains: getCheckedValues('#domainsCheckbox input:checked'),
phases: getCheckedValues('#phasesCheckbox input:checked'), phases: getCheckedValues('#phasesCheckbox input:checked'),
platforms: getCheckedValues('#platformsCheckbox input:checked'),
'domain-agnostic-software': getCheckedValues('#domainAgnosticCheckbox input:checked'),
skillLevel: document.getElementById('skillLevel').value, skillLevel: document.getElementById('skillLevel').value,
accessType: document.getElementById('accessType').value,
url: document.getElementById('url').value, url: document.getElementById('url').value,
projectUrl: document.getElementById('projectUrl').value,
license: document.getElementById('license').value,
knowledgebase: document.getElementById('knowledgebase').checked,
tags: getTags() tags: getTags()
}; };
// Add icon if provided
const icon = document.getElementById('toolIcon').value.trim();
if (icon) {
tool.icon = icon;
}
// Add software-specific fields
if (toolType === 'software') {
tool.platforms = getCheckedValues('#platformsCheckbox input:checked');
tool.accessType = document.getElementById('accessType').value;
tool.projectUrl = document.getElementById('projectUrl').value;
tool.license = document.getElementById('license').value;
tool.knowledgebase = document.getElementById('knowledgebase').checked;
const statusUrl = document.getElementById('statusUrl').value;
if (statusUrl) {
tool.statusUrl = statusUrl;
}
} else {
// For methods, set appropriate defaults
tool.platforms = [];
tool.accessType = null;
tool.projectUrl = null;
tool.license = null;
tool.knowledgebase = false;
}
// Add domain-agnostic software if selected
const domainAgnostic = getCheckedValues('#domainAgnosticCheckbox input:checked');
if (domainAgnostic.length > 0) {
tool['domain-agnostic-software'] = domainAgnostic;
} else {
tool['domain-agnostic-software'] = null;
}
// Clean up empty arrays and null values // Clean up empty arrays and null values
Object.keys(tool).forEach(key => { Object.keys(tool).forEach(key => {
if (Array.isArray(tool[key]) && tool[key].length === 0) { if (Array.isArray(tool[key]) && tool[key].length === 0) {
delete tool[key]; if (key === 'platforms' && toolType === 'method') {
tool[key] = []; // Keep empty array for methods
} else {
delete tool[key];
}
} else if (tool[key] === '' || tool[key] === null) { } else if (tool[key] === '' || tool[key] === null) {
delete tool[key]; if ((key === 'accessType' || key === 'projectUrl' || key === 'license') && toolType === 'method') {
tool[key] = null; // Keep null for methods
} else {
delete tool[key];
}
} }
}); });
const statusUrl = document.getElementById('statusUrl').value;
if (statusUrl) {
tool.statusUrl = statusUrl;
}
if (currentEditingIndex >= 0) { if (currentEditingIndex >= 0) {
yamlData.tools[currentEditingIndex] = tool; yamlData.tools[currentEditingIndex] = tool;
showMessage('Tool updated successfully!'); showMessage('Tool updated successfully!');
@ -1213,6 +1412,7 @@
document.getElementById('tagContainer').querySelectorAll('.removable-tag').forEach(tag => tag.remove()); document.getElementById('tagContainer').querySelectorAll('.removable-tag').forEach(tag => tag.remove());
document.getElementById('editorTitle').textContent = 'Add New Tool'; document.getElementById('editorTitle').textContent = 'Add New Tool';
document.getElementById('deleteBtn').style.display = 'none'; document.getElementById('deleteBtn').style.display = 'none';
document.getElementById('softwareFields').classList.remove('disabled');
currentEditingIndex = -1; currentEditingIndex = -1;
} }
@ -1251,6 +1451,18 @@
} }
} }
function selectByType(type) {
if (yamlData && yamlData.tools) {
yamlData.tools.forEach((tool, index) => {
if (tool.type === type) {
selectedTools.add(index);
}
});
updateSelectionCount();
renderBulkGrid();
}
}
function clearSelection() { function clearSelection() {
selectedTools.clear(); selectedTools.clear();
updateSelectionCount(); updateSelectionCount();
@ -1261,6 +1473,111 @@
document.getElementById('selectionCount').textContent = `${selectedTools.size} selected`; document.getElementById('selectionCount').textContent = `${selectedTools.size} selected`;
} }
function showIconSuggestions() {
const suggestions = `DFIR Tool Icons by Operational Mode:
📦 Downloaded/Installed 🌐 Web Application ☁️ Cloud Service
🖥️ Operating System ⌨️ Command Line 📡 Server/Self-hosted
🔧 Hardware Tool 💰 Commercial ⚙️ Built-in/System
📱 Mobile Application 🔗 API/Library 📋 Method/Procedure
🖲️ Remote Access 💻 Desktop GUI 🛠️ Utility/Helper
🏢 Enterprise Platform 🔓 Open Source 🎯 Specialized Tool
📊 Analysis Platform 🗄️ Database/Storage 🔄 Processing Engine
Most common combinations:
📦 + 🔓 = Open Source Desktop Software
🌐 + ☁️ = Cloud Web Application
🖥️ + 🔓 = Forensic Live OS
⌨️ + 🔧 = Command Line Utility
📋 + 🎯 = Specialized Method
Click any emoji to copy it, then paste into the icon field.`;
alert(suggestions);
}
function bulkUpdateIcons() {
if (selectedTools.size === 0) {
showMessage('No tools selected', 'error');
return;
}
// Show operational mode-focused icon suggestions
const suggestedIcons = `
DFIR Tool Icons by Operational Mode:
📦 Downloaded/Installed 🌐 Web Application ☁️ Cloud Service
🖥️ Operating System ⌨️ Command Line 📡 Server/Self-hosted
🔧 Hardware Tool 💰 Commercial ⚙️ Built-in/System
📱 Mobile Application 🔗 API/Library 📋 Method/Procedure
🖲️ Remote Access 💻 Desktop GUI 🛠️ Utility/Helper
🏢 Enterprise Platform 🔓 Open Source 🎯 Specialized Tool
📊 Analysis Platform 🗄️ Database/Storage 🔄 Processing Engine
Quick suggestions by access type:
• Downloaded Software: 📦
• Web Applications: 🌐
• Cloud Services: ☁️
• Operating Systems: 🖥️
• Command Line: ⌨️
• Hardware: 🔧
• Methods/Procedures: 📋`;
const icon = prompt(`Enter emoji icon (single character) or leave empty to remove:\n\n${suggestedIcons}`);
if (icon !== null) { // Allow empty string to remove icons
const trimmedIcon = icon.trim();
if (trimmedIcon.length > 2) {
showMessage('Icon should be a single emoji character', 'error');
return;
}
selectedTools.forEach(index => {
if (trimmedIcon === '') {
delete yamlData.tools[index].icon; // Remove icon field entirely
} else {
yamlData.tools[index].icon = trimmedIcon;
}
});
const action = trimmedIcon === '' ? 'removed icons from' : 'updated icons for';
showMessage(`Successfully ${action} ${selectedTools.size} tools`);
renderBulkGrid();
renderToolsGrid(); // Update tools view if visible
}
}
function bulkUpdateType() {
if (selectedTools.size === 0) {
showMessage('No tools selected', 'error');
return;
}
const type = prompt('Enter type (software/method):');
if (type && ['software', 'method'].includes(type)) {
selectedTools.forEach(index => {
yamlData.tools[index].type = type;
// Handle method-specific cleanup
if (type === 'method') {
yamlData.tools[index].platforms = [];
yamlData.tools[index].accessType = null;
yamlData.tools[index].projectUrl = null;
yamlData.tools[index].license = null;
yamlData.tools[index].knowledgebase = false;
if (yamlData.tools[index].statusUrl) {
delete yamlData.tools[index].statusUrl;
}
}
});
showMessage(`Updated type for ${selectedTools.size} tools`);
updateStats();
renderBulkGrid();
}
}
function bulkUpdateSkillLevel() { function bulkUpdateSkillLevel() {
if (selectedTools.size === 0) { if (selectedTools.size === 0) {
showMessage('No tools selected', 'error'); showMessage('No tools selected', 'error');
@ -1352,19 +1669,29 @@
return; return;
} }
const action = value ? 'set as knowledgebase' : 'remove knowledgebase flag from'; // Only apply to software tools
if (!confirm(`Are you sure you want to ${action} ${selectedTools.size} selected tools?`)) { const softwareTools = Array.from(selectedTools).filter(index =>
yamlData.tools[index].type === 'software'
);
if (softwareTools.length === 0) {
showMessage('No software tools selected (knowledgebase only applies to software)', 'error');
return; return;
} }
selectedTools.forEach(index => { const action = value ? 'set as knowledgebase' : 'remove knowledgebase flag from';
if (!confirm(`Are you sure you want to ${action} ${softwareTools.length} selected software tools?`)) {
return;
}
softwareTools.forEach(index => {
if (yamlData.tools[index]) { if (yamlData.tools[index]) {
yamlData.tools[index].knowledgebase = value; yamlData.tools[index].knowledgebase = value;
} }
}); });
const actionCompleted = value ? 'marked as knowledgebase' : 'removed knowledgebase flag from'; const actionCompleted = value ? 'marked as knowledgebase' : 'removed knowledgebase flag from';
showMessage(`Successfully ${actionCompleted} ${selectedTools.size} tools`); showMessage(`Successfully ${actionCompleted} ${softwareTools.length} software tools`);
updateStats(); updateStats();
renderBulkGrid(); renderBulkGrid();
@ -1383,11 +1710,23 @@
selectedTools.forEach(index => { selectedTools.forEach(index => {
if (yamlData.tools[index]) { if (yamlData.tools[index]) {
const tool = yamlData.tools[index];
const arrayFields = ['tags', 'domains', 'phases', 'platforms', 'domain-agnostic-software']; const arrayFields = ['tags', 'domains', 'phases', 'platforms', 'domain-agnostic-software'];
if (arrayFields.includes(fieldName)) { if (arrayFields.includes(fieldName)) {
yamlData.tools[index][fieldName] = []; if (fieldName === 'platforms' && tool.type === 'method') {
tool[fieldName] = []; // Keep empty array for methods
} else {
tool[fieldName] = [];
}
} else if (fieldName === 'icon') {
delete tool.icon; // Remove icon field entirely
} else { } else {
yamlData.tools[index][fieldName] = ''; if ((fieldName === 'projectUrl' || fieldName === 'accessType' || fieldName === 'license') && tool.type === 'method') {
tool[fieldName] = null; // Keep null for methods
} else {
tool[fieldName] = '';
}
} }
} }
}); });
@ -1399,6 +1738,9 @@
} }
renderBulkGrid(); renderBulkGrid();
if (fieldName === 'icon') {
renderToolsGrid(); // Update tools view to reflect icon changes
}
} }
function bulkDelete() { function bulkDelete() {
@ -1438,6 +1780,25 @@
if (!tool.name) validationResults.push(`❌ Tool ${index + 1}: Missing name`); if (!tool.name) validationResults.push(`❌ Tool ${index + 1}: Missing name`);
if (!tool.description) validationResults.push(`❌ Tool ${index + 1}: Missing description`); if (!tool.description) validationResults.push(`❌ Tool ${index + 1}: Missing description`);
if (!tool.skillLevel) validationResults.push(`❌ Tool ${index + 1}: Missing skillLevel`); if (!tool.skillLevel) validationResults.push(`❌ Tool ${index + 1}: Missing skillLevel`);
if (!tool.type) validationResults.push(`❌ Tool ${index + 1}: Missing type`);
if (tool.type && !['software', 'method'].includes(tool.type)) {
validationResults.push(`❌ Tool ${index + 1}: Invalid type (must be 'software' or 'method')`);
}
// Software-specific validation
if (tool.type === 'software') {
if (!tool.platforms || tool.platforms.length === 0) {
validationResults.push(`❌ Tool ${index + 1}: Software must have platforms`);
}
if (!tool.license) validationResults.push(`❌ Tool ${index + 1}: Software should have license`);
}
// Method-specific validation
if (tool.type === 'method') {
if (tool.platforms && tool.platforms.length > 0) {
validationResults.push(`⚠️ Tool ${index + 1}: Methods should not have platforms`);
}
}
}); });
} }

60
public/fingerprint_scope_logo.svg
View File

@ -1,60 +0,0 @@
<svg width="400" height="400" viewBox="0 0 400 400" xmlns="http://www.w3.org/2000/svg">
<!-- Blue background -->
<rect width="400" height="400" fill="#1e40af"/>
<!-- Screen/monitor frame -->
<rect x="20" y="20" width="360" height="360" fill="none" stroke="#ffffff" stroke-width="8" rx="10"/>
<rect x="35" y="35" width="330" height="330" fill="none" stroke="#ffffff" stroke-width="4" rx="5"/>
<!-- Scope outer circle -->
<circle cx="200" cy="200" r="140" fill="none" stroke="#ffffff" stroke-width="6"/>
<!-- Crosshairs -->
<!-- Horizontal line -->
<line x1="60" y1="200" x2="340" y2="200" stroke="#ffffff" stroke-width="3"/>
<!-- Vertical line -->
<line x1="200" y1="60" x2="200" y2="340" stroke="#ffffff" stroke-width="3"/>
<!-- Crosshair markers -->
<line x1="120" y1="195" x2="120" y2="205" stroke="#ffffff" stroke-width="2"/>
<line x1="280" y1="195" x2="280" y2="205" stroke="#ffffff" stroke-width="2"/>
<line x1="195" y1="120" x2="205" y2="120" stroke="#ffffff" stroke-width="2"/>
<line x1="195" y1="280" x2="205" y2="280" stroke="#ffffff" stroke-width="2"/>
<!-- Inner scope circle -->
<circle cx="200" cy="200" r="90" fill="none" stroke="#ffffff" stroke-width="2"/>
<!-- Stylized fingerprint -->
<g stroke="#ffffff" stroke-width="2.5" fill="none">
<!-- Center spiral -->
<ellipse cx="200" cy="200" rx="12" ry="15"/>
<!-- Fingerprint ridges -->
<ellipse cx="200" cy="200" rx="22" ry="28"/>
<ellipse cx="200" cy="200" rx="32" ry="40"/>
<ellipse cx="200" cy="200" rx="42" ry="52"/>
<ellipse cx="200" cy="200" rx="52" ry="64"/>
<ellipse cx="200" cy="200" rx="62" ry="75"/>
<!-- Fingerprint pattern breaks for realism -->
<path d="M 160 180 Q 180 175 200 180" stroke-width="2"/>
<path d="M 200 220 Q 220 225 240 220" stroke-width="2"/>
<path d="M 175 240 Q 190 245 205 240" stroke-width="2"/>
<path d="M 180 160 Q 190 155 200 160" stroke-width="2"/>
<!-- Additional ridge details -->
<path d="M 170 200 Q 185 190 200 200" stroke-width="1.5"/>
<path d="M 200 200 Q 215 210 230 200" stroke-width="1.5"/>
</g>
<!-- Scope corner markers -->
<g stroke="#ffffff" stroke-width="2" fill="none">
<path d="M 80 80 L 90 80 L 90 90"/>
<path d="M 320 80 L 310 80 L 310 90"/>
<path d="M 80 320 L 90 320 L 90 310"/>
<path d="M 320 320 L 310 320 L 310 310"/>
</g>
<!-- Center dot -->
<circle cx="200" cy="200" r="3" fill="#ffffff"/>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 2.4 KiB

8
src/components/AIQueryInterface.astro
View File

@ -461,7 +461,10 @@ document.addEventListener('DOMContentLoaded', () => {
<div class="tool-recommendation ${tool.type === 'method' ? 'method' : hasValidProjectUrl ? 'hosted' : (tool.license !== 'Proprietary' ? 'oss' : '')}" <div class="tool-recommendation ${tool.type === 'method' ? 'method' : hasValidProjectUrl ? 'hosted' : (tool.license !== 'Proprietary' ? 'oss' : '')}"
onclick="window.showToolDetails('${tool.name}')"> onclick="window.showToolDetails('${tool.name}')">
<div class="tool-rec-header"> <div class="tool-rec-header">
<h4 class="tool-rec-name">${tool.name}</h4> <h4 class="tool-rec-name">
${tool.icon ? `<span style="margin-right: 0.5rem;">${tool.icon}</span>` : ''}
${tool.name}
</h4>
<span class="tool-rec-priority ${tool.recommendation.priority}" <span class="tool-rec-priority ${tool.recommendation.priority}"
style="background-color: ${priorityColors[tool.recommendation.priority]};"> style="background-color: ${priorityColors[tool.recommendation.priority]};">
${tool.recommendation.priority} ${tool.recommendation.priority}
@ -474,9 +477,8 @@ document.addEventListener('DOMContentLoaded', () => {
<div class="tool-rec-metadata"> <div class="tool-rec-metadata">
<div style="display: flex; flex-wrap: wrap; gap: 0.25rem; margin-bottom: 0.5rem;"> <div style="display: flex; flex-wrap: wrap; gap: 0.25rem; margin-bottom: 0.5rem;">
${tool.type === 'method' ? '<span class="badge" style="background-color: var(--color-method); color: white;">Methode</span>' : ''}
${tool.type !== 'method' && hasValidProjectUrl ? '<span class="badge badge-primary">CC24-Server</span>' : ''} ${tool.type !== 'method' && hasValidProjectUrl ? '<span class="badge badge-primary">CC24-Server</span>' : ''}
${tool.type !== 'method' && tool.license !== 'Proprietary' ? '<span class="badge badge-success">Open Source</span>' : ''} ${tool.knowledgebase === true ? '<span class="badge badge-error">📖</span>' : ''}
<span class="badge" style="background-color: var(--color-bg-tertiary); color: var(--color-text);">${tool.skillLevel}</span> <span class="badge" style="background-color: var(--color-bg-tertiary); color: var(--color-text);">${tool.skillLevel}</span>
</div> </div>
<div style="font-size: 0.8125rem; color: var(--color-text-secondary);"> <div style="font-size: 0.8125rem; color: var(--color-text-secondary);">

21
src/components/ToolCard.astro
View File

@ -2,6 +2,7 @@
export interface Props { export interface Props {
tool: { tool: {
name: string; name: string;
icon?: string;
type?: string; type?: string;
description: string; description: string;
domains: string[]; domains: string[];
@ -38,16 +39,18 @@ const cardClass = isMethod ? 'card card-method tool-card' :
(tool.license !== 'Proprietary' ? 'card card-oss tool-card' : 'card tool-card'); (tool.license !== 'Proprietary' ? 'card card-oss tool-card' : 'card tool-card');
--- ---
<div class={cardClass} onclick={`window.showToolDetails('${tool.name}')`} style="cursor: pointer; border-left: 4px solid ${isMethod ? 'var(--color-method)' : hasValidProjectUrl ? 'var(--color-hosted)' : tool.license !== 'Proprietary' ? 'var(--color-oss)' : 'var(--color-border)'};"> <div class={cardClass} onclick={`window.showToolDetails('${tool.name}')`} style="cursor: pointer; border-left: 4px solid {isMethod ? 'var(--color-method)' : hasValidProjectUrl ? 'var(--color-hosted)' : tool.license !== 'Proprietary' ? 'var(--color-oss)' : 'var(--color-border)'};">
<!-- Card Header with Fixed Height --> <!-- Card Header with Fixed Height -->
<div class="tool-card-header"> <div class="tool-card-header">
<h3>{tool.name}</h3> <h3>
<div class="tool-card-badges"> {tool.icon && <span style="margin-right: 0.5rem; font-size: 1.125rem;">{tool.icon}</span>}
{isMethod && <span class="badge" style="background-color: var(--color-method); color: white;">Methode</span>} {tool.name}
{!isMethod && hasValidProjectUrl && <span class="badge badge-primary">CC24-Server</span>} </h3>
{!isMethod && tool.license !== 'Proprietary' && <span class="badge badge-success">OSS</span>} <div class="tool-card-badges">
{hasKnowledgebase && <span class="badge badge-error">📖</span>} <!-- Only show CC24-Server and Knowledgebase badges -->
</div> {!isMethod && hasValidProjectUrl && <span class="badge badge-primary">CC24-Server</span>}
{hasKnowledgebase && <span class="badge badge-error">📖</span>}
</div>
</div> </div>
<!-- Description - Truncated to 2 lines --> <!-- Description - Truncated to 2 lines -->

32
src/components/ToolMatrix.astro
View File

@ -65,11 +65,13 @@ domains.forEach((domain: any) => {
<div class={`collaboration-tool-compact ${hasValidProjectUrl ? 'hosted' : tool.license !== 'Proprietary' ? 'oss' : ''}`} <div class={`collaboration-tool-compact ${hasValidProjectUrl ? 'hosted' : tool.license !== 'Proprietary' ? 'oss' : ''}`}
onclick={`window.showToolDetails('${tool.name}')`}> onclick={`window.showToolDetails('${tool.name}')`}>
<div class="tool-compact-header"> <div class="tool-compact-header">
<h4 style="margin: 0; font-size: 0.875rem; font-weight: 600;">{tool.name}</h4> <h4 style="margin: 0; font-size: 0.875rem; font-weight: 600;">
{tool.icon && <span style="margin-right: 0.5rem;">{tool.icon}</span>}
{tool.name}
</h4>
<div style="display: flex; gap: 0.25rem;"> <div style="display: flex; gap: 0.25rem;">
{hasValidProjectUrl && <span class="badge badge--mini badge-primary">CC24-Server</span>} {hasValidProjectUrl && <span class="badge badge--mini badge-primary">CC24-Server</span>}
{tool.license !== 'Proprietary' && <span class="badge badge--mini badge-success">OSS</span>} {tool.knowledgebase === true && <span class="badge badge--mini badge-error">📖</span>}
{tool.knowledgebase === true && <span class="badge badge--mini badge-error">Infos 📖</span>}
</div> </div>
</div> </div>
<p class="text-muted"> <p class="text-muted">
@ -249,29 +251,25 @@ domains.forEach((domain: any) => {
const isMethod = tool.type === 'method'; const isMethod = tool.type === 'method';
// Update modal content // Update modal content
document.getElementById('tool-name').textContent = tool.name; const toolNameElement = document.getElementById('tool-name');
const iconHtml = tool.icon ? `<span style="margin-right: 0.75rem; font-size: 1.5rem;">${tool.icon}</span>` : '';
toolNameElement.innerHTML = `${iconHtml}${tool.name}`;
document.getElementById('tool-description').textContent = tool.description; document.getElementById('tool-description').textContent = tool.description;
// Badges // Badges - Only CC24-Server and Knowledgebase
const badgesContainer = document.getElementById('tool-badges'); const badgesContainer = document.getElementById('tool-badges');
const hasValidProjectUrl = tool.projectUrl !== undefined && const hasValidProjectUrl = tool.projectUrl !== undefined &&
tool.projectUrl !== null && tool.projectUrl !== null &&
tool.projectUrl !== "" && tool.projectUrl !== "" &&
tool.projectUrl.trim() !== ""; tool.projectUrl.trim() !== "";
badgesContainer.innerHTML = ''; badgesContainer.innerHTML = '';
if (isMethod) { // Only show CC24-Server and Knowledgebase badges
badgesContainer.innerHTML += '<span class="badge" style="background-color: var(--color-method); color: white;">Methode</span>'; if (!isMethod && hasValidProjectUrl) {
} else { badgesContainer.innerHTML += '<span class="badge badge-primary">CC24-Server</span>';
if (hasValidProjectUrl) {
badgesContainer.innerHTML += '<span class="badge badge-primary">CC24-Server</span>';
}
if (tool.license !== 'Proprietary') {
badgesContainer.innerHTML += '<span class="badge badge-success">Open Source</span>';
}
} }
if (tool.knowledgebase === true) { if (tool.knowledgebase === true) {
badgesContainer.innerHTML += '<span class="badge badge-error">Infos 📖</span>'; badgesContainer.innerHTML += '<span class="badge badge-error">📖</span>';
} }
// Metadata - safe array handling // Metadata - safe array handling

232
src/data/tools.yaml
View File

@ -1,5 +1,6 @@
tools: tools:
- name: Autopsy - name: Autopsy
icon: 📦
type: software type: software
description: >- description: >-
Die führende Open-Source-Alternative zu kommerziellen Forensik-Suiten mit Die führende Open-Source-Alternative zu kommerziellen Forensik-Suiten mit
@ -35,10 +36,11 @@ tools:
- artifact-extraction - artifact-extraction
- keyword-search - keyword-search
- name: Volatility 3 - name: Volatility 3
icon: 📦
type: software type: software
description: >- description: >-
Das Schweizer Taschenmesser der Memory-Forensik, unverzichtbar für die Das Universalwerkzeug der Live-Forensik, unverzichtbar für die Analyse von
Analyse von RAM-Dumps. Mit über 100 Plugins extrahiert es Prozesse, RAM-Dumps. Mit über 100 Plugins extrahiert es Prozesse,
Netzwerkverbindungen, Registry-Keys und versteckte Malware aus dem Netzwerkverbindungen, Registry-Keys und versteckte Malware aus dem
Arbeitsspeicher. Die Python-basierte Architektur macht es flexibel Arbeitsspeicher. Die Python-basierte Architektur macht es flexibel
erweiterbar, erfordert aber solide Kommandozeilen-Kenntnisse. Version 3 erweiterbar, erfordert aber solide Kommandozeilen-Kenntnisse. Version 3
@ -71,6 +73,7 @@ tools:
- scripting - scripting
- process-analysis - process-analysis
- name: TheHive 5 - name: TheHive 5
icon: 🌐
type: software type: software
description: >- description: >-
Moderne Security-Orchestrierungs-Plattform für die koordinierte Moderne Security-Orchestrierungs-Plattform für die koordinierte
@ -106,6 +109,7 @@ tools:
- incident-tracking - incident-tracking
statusUrl: https://uptime.example.lab/api/badge/1/status statusUrl: https://uptime.example.lab/api/badge/1/status
- name: MISP - name: MISP
icon: 🌐
type: software type: software
description: >- description: >-
Das Rückgrat des modernen Threat-Intelligence-Sharings mit über 40.000 Das Rückgrat des modernen Threat-Intelligence-Sharings mit über 40.000
@ -140,6 +144,7 @@ tools:
- automation - automation
statusUrl: https://status.mikoshi.de/api/badge/34/status statusUrl: https://status.mikoshi.de/api/badge/34/status
- name: Timesketch - name: Timesketch
icon: 📦
type: software type: software
description: >- description: >-
Google's Open-Source-Lösung für kollaborative Timeline-Analyse großer Google's Open-Source-Lösung für kollaborative Timeline-Analyse großer
@ -173,6 +178,7 @@ tools:
- correlation - correlation
statusUrl: https://uptime.example.lab/api/badge/3/status statusUrl: https://uptime.example.lab/api/badge/3/status
- name: Wireshark - name: Wireshark
icon: 📦
type: software type: software
description: >- description: >-
Der unangefochtene König der Netzwerk-Protokoll-Analyse mit Support für Der unangefochtene König der Netzwerk-Protokoll-Analyse mit Support für
@ -209,6 +215,7 @@ tools:
- visualization - visualization
- filtering - filtering
- name: Magnet AXIOM - name: Magnet AXIOM
icon: 📦
type: software type: software
description: >- description: >-
Die Rolls-Royce unter den kommerziellen Forensik-Suiten mit Die Rolls-Royce unter den kommerziellen Forensik-Suiten mit
@ -244,6 +251,7 @@ tools:
- automated-analysis - automated-analysis
- reporting - reporting
- name: Cellebrite UFED - name: Cellebrite UFED
icon: 📦
type: software type: software
description: >- description: >-
Der Goldstandard der mobilen Forensik mit legendären Der Goldstandard der mobilen Forensik mit legendären
@ -276,6 +284,7 @@ tools:
- hardware-interface - hardware-interface
- automated-analysis - automated-analysis
- name: Cuckoo Sandbox 3 - name: Cuckoo Sandbox 3
icon: 🌐
type: software type: software
description: >- description: >-
Die führende Open-Source-Sandbox für automatisierte Malware-Analyse in Die führende Open-Source-Sandbox für automatisierte Malware-Analyse in
@ -308,6 +317,7 @@ tools:
- virtualization - virtualization
- automated-analysis - automated-analysis
- name: Ghidra - name: Ghidra
icon: 📦
type: software type: software
description: >- description: >-
NSAs Geschenk an die Reverse-Engineering-Community als mächtige NSAs Geschenk an die Reverse-Engineering-Community als mächtige
@ -340,6 +350,7 @@ tools:
- scripting - scripting
- static-analysis - static-analysis
- name: Plaso (log2timeline) - name: Plaso (log2timeline)
icon: 📦
type: software type: software
description: >- description: >-
Der industrielle Staubsauger für Zeitstempel - extrahiert aus hunderten Der industrielle Staubsauger für Zeitstempel - extrahiert aus hunderten
@ -375,6 +386,7 @@ tools:
- artifact-extraction - artifact-extraction
- scripting - scripting
- name: CyberChef - name: CyberChef
icon: 🌐
type: software type: software
description: >- description: >-
Das digitale Schweizer Taschenmesser für Daten-Manipulation mit über 300 Das digitale Schweizer Taschenmesser für Daten-Manipulation mit über 300
@ -407,6 +419,7 @@ tools:
- visualization - visualization
- parsing - parsing
- name: Velociraptor - name: Velociraptor
icon: 🌐
type: software type: software
description: >- description: >-
Die nächste Evolution der Endpoint-Forensik mit skalierbarer Die nächste Evolution der Endpoint-Forensik mit skalierbarer
@ -447,6 +460,7 @@ tools:
- hunting - hunting
statusUrl: https://status.mikoshi.de/api/badge/33/status statusUrl: https://status.mikoshi.de/api/badge/33/status
- name: GRR Rapid Response - name: GRR Rapid Response
icon: 🌐
type: software type: software
description: >- description: >-
Googles Antwort auf Enterprise-Scale-Forensik für die Untersuchung von Googles Antwort auf Enterprise-Scale-Forensik für die Untersuchung von
@ -483,6 +497,7 @@ tools:
- live-forensics - live-forensics
- fleet-management - fleet-management
- name: Arkime - name: Arkime
icon: 📦
type: software type: software
description: >- description: >-
Das Heavy-Metal-Tool für Full-Packet-Capture mit der Fähigkeit, Petabytes Das Heavy-Metal-Tool für Full-Packet-Capture mit der Fähigkeit, Petabytes
@ -517,6 +532,7 @@ tools:
- api - api
- big-data - big-data
- name: NetworkMiner - name: NetworkMiner
icon: 📦
type: software type: software
description: >- description: >-
Der benutzerfreundliche kleine Bruder von Wireshark mit Fokus auf Forensik Der benutzerfreundliche kleine Bruder von Wireshark mit Fokus auf Forensik
@ -550,6 +566,7 @@ tools:
- parsing - parsing
- session-reconstruction - session-reconstruction
- name: ExifTool - name: ExifTool
icon: 📦
type: software type: software
description: >- description: >-
Der Metadaten-Maestro, der aus über 1000 Dateiformaten verborgene Der Metadaten-Maestro, der aus über 1000 Dateiformaten verborgene
@ -585,6 +602,7 @@ tools:
- scripting - scripting
- batch-processing - batch-processing
- name: Chainalysis - name: Chainalysis
icon: 📦
type: software type: software
description: >- description: >-
Der Platzhirsch der Blockchain-Forensik mit Zugriff auf die größte Der Platzhirsch der Blockchain-Forensik mit Zugriff auf die größte
@ -616,6 +634,7 @@ tools:
- api - api
- reporting - reporting
- name: Neo4j - name: Neo4j
icon: 🌐
type: software type: software
description: >- description: >-
Die führende Graph-Datenbank verwandelt komplexe Beziehungsgeflechte in Die führende Graph-Datenbank verwandelt komplexe Beziehungsgeflechte in
@ -654,6 +673,7 @@ tools:
- query-language - query-language
statusUrl: https://status.mikoshi.de/api/badge/32/status statusUrl: https://status.mikoshi.de/api/badge/32/status
- name: QGIS - name: QGIS
icon: 📦
type: software type: software
description: >- description: >-
Das Open-Source-GIS-Kraftpaket für die Visualisierung von Geodaten in Das Open-Source-GIS-Kraftpaket für die Visualisierung von Geodaten in
@ -687,6 +707,7 @@ tools:
- scripting - scripting
- reporting - reporting
- name: Nextcloud - name: Nextcloud
icon: 🌐
type: software type: software
description: >- description: >-
Die Open-Source-Cloud-Suite als sichere Kollaborations-Zentrale für Die Open-Source-Cloud-Suite als sichere Kollaborations-Zentrale für
@ -724,6 +745,7 @@ tools:
- document-management - document-management
statusUrl: https://status.mikoshi.de/api/badge/11/status statusUrl: https://status.mikoshi.de/api/badge/11/status
- name: Gitea - name: Gitea
icon: 🌐
type: software type: software
description: >- description: >-
Das leichtgewichtige Git-Repository für die Versionierung von Das leichtgewichtige Git-Repository für die Versionierung von
@ -755,6 +777,7 @@ tools:
- ci-cd - ci-cd
statusUrl: https://status.mikoshi.de/api/badge/18/status statusUrl: https://status.mikoshi.de/api/badge/18/status
- name: Binwalk - name: Binwalk
icon: 📦
type: software type: software
description: >- description: >-
Der Firmware-Flüsterer, der aus IoT-Geräten und Routern ihre Geheimnisse Der Firmware-Flüsterer, der aus IoT-Geräten und Routern ihre Geheimnisse
@ -786,6 +809,7 @@ tools:
- extraction - extraction
- scripting - scripting
- name: LibreOffice - name: LibreOffice
icon: 📦
type: software type: software
description: >- description: >-
Die freie Office-Suite, die mehr kann als nur Berichte schreiben. Calc Die freie Office-Suite, die mehr kann als nur Berichte schreiben. Calc
@ -847,18 +871,8 @@ tools:
- examination - examination
- analysis - analysis
- reporting - reporting
platforms:
- Windows
- macOS
- Web
domain-agnostic-software:
- collaboration-general
skillLevel: novice skillLevel: novice
accessType: commercial
url: https://www.office.com/ url: https://www.office.com/
projectUrl: ''
license: Proprietary
knowledgebase: false
tags: tags:
- gui - gui
- document-creation - document-creation
@ -866,7 +880,18 @@ tools:
- collaboration - collaboration
- cloud-based - cloud-based
- reporting - reporting
icon: ☁️
platforms:
- Windows
- macOS
- Web
accessType: commercial
license: Proprietary
knowledgebase: false
domain-agnostic-software:
- collaboration-general
- name: GraphSense - name: GraphSense
icon: 🌐
type: software type: software
description: >- description: >-
Die europäische Alternative zu Chainalysis mit Open-Source-Kern und Fokus Die europäische Alternative zu Chainalysis mit Open-Source-Kern und Fokus
@ -898,14 +923,15 @@ tools:
- api - api
- big-data - big-data
- name: FTK Imager - name: FTK Imager
icon: 📦
type: software type: software
description: >- description: >-
Der Oldtimer unter den Imaging-Tools, aber immer noch zuverlässig wie ein Der Oldtimer unter den Imaging-Tools, aber immer noch zuverlässig wie ein
Schweizer Uhrwerk. Erstellt bit-genaue Kopien von Festplatten mit Uhrwerk. Erstellt bit-genaue Kopien von Festplatten mit integrierter
integrierter Hash-Verifizierung für die Beweiskette. Die kostenlose Hash-Verifizierung für die Beweiskette. Die kostenlose Version reicht für
Version reicht für die meisten Aufgaben, unterstützt alle gängigen die meisten Aufgaben, unterstützt alle gängigen Image-Formate. Etwas
Image-Formate. Etwas angestaubt in der Oberfläche, aber bewährt in angestaubt in der Oberfläche, aber bewährt in tausenden Gerichtsverfahren.
tausenden Gerichtsverfahren. Freeware, aber nicht open source. Freeware, aber nicht open source.
domains: domains:
- law-enforcement - law-enforcement
- incident-response - incident-response
@ -928,6 +954,7 @@ tools:
- verification - verification
- write-blocking - write-blocking
- name: Guymager - name: Guymager
icon: 📦
type: software type: software
description: >- description: >-
Das schlanke Linux-Imaging-Tool mit Fokus auf Performance und Das schlanke Linux-Imaging-Tool mit Fokus auf Performance und
@ -957,6 +984,7 @@ tools:
- multi-threading - multi-threading
- write-blocking - write-blocking
- name: Fuji - name: Fuji
icon: 📦
type: software type: software
description: >- description: >-
Der Geheimtipp für macOS-Forensiker - Live-Imaging ohne Der Geheimtipp für macOS-Forensiker - Live-Imaging ohne
@ -986,6 +1014,7 @@ tools:
- filesystem - filesystem
- macos-specific - macos-specific
- name: ALEAPP - name: ALEAPP
icon: 📦
type: software type: software
description: >- description: >-
Android-Forensik leicht gemacht - parst dutzende Apps und System-Artefakte Android-Forensik leicht gemacht - parst dutzende Apps und System-Artefakte
@ -1019,6 +1048,7 @@ tools:
- reporting - reporting
- timeline-analysis - timeline-analysis
- name: iLEAPP - name: iLEAPP
icon: 📦
type: software type: software
description: >- description: >-
Das iOS-Pendant zu ALEAPP mit Fokus auf Apple's geschlossenem Ökosystem. Das iOS-Pendant zu ALEAPP mit Fokus auf Apple's geschlossenem Ökosystem.
@ -1052,6 +1082,7 @@ tools:
- reporting - reporting
- ios-specific - ios-specific
- name: VLEAPP - name: VLEAPP
icon: 📦
type: software type: software
description: >- description: >-
Die Zukunft der Fahrzeug-Forensik für vernetzte Autos und Die Zukunft der Fahrzeug-Forensik für vernetzte Autos und
@ -1086,7 +1117,7 @@ tools:
- name: Kali Linux - name: Kali Linux
type: software type: software
description: >- description: >-
Die Schweizer Armee-Messer-Distribution mit über 600 vorinstallierten Die wohlbekannte Hacker-Distribution mit über 600 vorinstallierten
Security-Tools. Von Forensik über Penetration Testing bis Reverse Security-Tools. Von Forensik über Penetration Testing bis Reverse
Engineering ist alles an Bord. Die Live-Boot-Option ermöglicht forensische Engineering ist alles an Bord. Die Live-Boot-Option ermöglicht forensische
Untersuchungen ohne Installation. Regelmäßige Updates halten die Untersuchungen ohne Installation. Regelmäßige Updates halten die
@ -1100,17 +1131,8 @@ tools:
- mobile-forensics - mobile-forensics
- cloud-forensics - cloud-forensics
- ics-forensics - ics-forensics
phases: []
platforms:
- OS
domain-agnostic-software:
- specific-os
skillLevel: intermediate skillLevel: intermediate
accessType: download
url: https://kali.org/ url: https://kali.org/
projectUrl: null
license: GPL-3.0
knowledgebase: true
tags: tags:
- live-boot - live-boot
- tool-collection - tool-collection
@ -1118,7 +1140,16 @@ tools:
- forensics-suite - forensics-suite
- virtualization - virtualization
- arm-support - arm-support
icon: 🖥
platforms:
- OS
accessType: download
license: GPL-3.0
knowledgebase: true
domain-agnostic-software:
- specific-os
- name: dd - name: dd
icon: 📦
type: software type: software
description: >- description: >-
Das Unix-Urgestein für bit-genaues Kopieren von Datenträgern seit 1974. Das Unix-Urgestein für bit-genaues Kopieren von Datenträgern seit 1974.
@ -1149,6 +1180,7 @@ tools:
- unix-tool - unix-tool
- scripting - scripting
- name: dcfldd - name: dcfldd
icon: 📦
type: software type: software
description: >- description: >-
Die forensische Weiterentwicklung von dd mit eingebauter Die forensische Weiterentwicklung von dd mit eingebauter
@ -1178,6 +1210,7 @@ tools:
- progress-monitoring - progress-monitoring
- split-output - split-output
- name: ewfacquire - name: ewfacquire
icon: 📦
type: software type: software
description: >- description: >-
Das Kommandozeilen-Tool für Expert Witness Format (E01) Images mit Das Kommandozeilen-Tool für Expert Witness Format (E01) Images mit
@ -1208,6 +1241,7 @@ tools:
- metadata - metadata
- verification - verification
- name: PhotoRec - name: PhotoRec
icon: 📦
type: software type: software
description: >- description: >-
Der Datenretter in der Not - findet gelöschte Dateien ohne Der Datenretter in der Not - findet gelöschte Dateien ohne
@ -1240,6 +1274,7 @@ tools:
- signature-based - signature-based
- cross-platform - cross-platform
- name: Kismet - name: Kismet
icon: 📦
type: software type: software
description: >- description: >-
Der WLAN-Schnüffler der Extraklasse für Wireless-Forensik und Der WLAN-Schnüffler der Extraklasse für Wireless-Forensik und
@ -1270,6 +1305,7 @@ tools:
- passive-scanning - passive-scanning
- api - api
- name: OSFMount - name: OSFMount
icon: 📦
type: software type: software
description: >- description: >-
Mountet Disk-Images als virtuelle Laufwerke unter Windows für komfortable Mountet Disk-Images als virtuelle Laufwerke unter Windows für komfortable
@ -1300,6 +1336,7 @@ tools:
- format-support - format-support
- freeware - freeware
- name: Thumbcache Viewer - name: Thumbcache Viewer
icon: 📦
type: software type: software
description: >- description: >-
Spezialist für Windows Thumbnail-Caches mit Zugriff auf gelöschte Spezialist für Windows Thumbnail-Caches mit Zugriff auf gelöschte
@ -1330,6 +1367,7 @@ tools:
- thumbnail-extraction - thumbnail-extraction
- deleted-data - deleted-data
- name: RegRipper - name: RegRipper
icon: 📦
type: software type: software
description: >- description: >-
Der Windows-Registry-Experte mit hunderten Plugins für automatisierte Der Windows-Registry-Experte mit hunderten Plugins für automatisierte
@ -1368,24 +1406,15 @@ tools:
Regelbasierte Suche nach Strings, Byte-Sequenzen und regulären Ausdrücken. Regelbasierte Suche nach Strings, Byte-Sequenzen und regulären Ausdrücken.
De-facto Standard für Malware-Signaturen mit riesiger De-facto Standard für Malware-Signaturen mit riesiger
Community-Rule-Sammlung. Integration in viele Forensik-Tools macht es zum Community-Rule-Sammlung. Integration in viele Forensik-Tools macht es zum
universellen Schweizer Messer. Marktstandard.
domains: domains:
- incident-response - incident-response
- malware-analysis - malware-analysis
phases: phases:
- examination - examination
- analysis - analysis
platforms:
- Windows
- Linux
- macOS
domain-agnostic-software: null
skillLevel: intermediate skillLevel: intermediate
accessType: download
url: https://virustotal.github.io/yara/ url: https://virustotal.github.io/yara/
projectUrl: ''
license: BSD-3-Clause
knowledgebase: false
tags: tags:
- commandline - commandline
- pattern-matching - pattern-matching
@ -1393,7 +1422,16 @@ tools:
- rule-engine - rule-engine
- library - library
- signature-based - signature-based
icon: 🛠
platforms:
- Windows
- Linux
- macOS
accessType: download
license: BSD-3-Clause
knowledgebase: false
- name: Strings - name: Strings
icon: 📦
type: software type: software
description: >- description: >-
Das simple Tool mit großer Wirkung - extrahiert lesbare Texte aus Das simple Tool mit großer Wirkung - extrahiert lesbare Texte aus
@ -1434,21 +1472,12 @@ tools:
Anreicherung großer Datensätze. Anreicherung großer Datensätze.
domains: domains:
- incident-response - incident-response
- network-forensics
- fraud-investigation - fraud-investigation
- network-forensics
phases: phases:
- analysis - analysis
platforms:
- Windows
- Linux
- macOS
domain-agnostic-software: null
skillLevel: beginner skillLevel: beginner
accessType: download
url: https://www.maxmind.com/ url: https://www.maxmind.com/
projectUrl: ''
license: GeoLite2 EULA / Commercial
knowledgebase: false
tags: tags:
- api - api
- geolocation - geolocation
@ -1456,6 +1485,14 @@ tools:
- database - database
- enrichment - enrichment
- library - library
icon: 🗄
platforms:
- Windows
- Linux
- macOS
accessType: download
license: GeoLite2 EULA / Commercial
knowledgebase: false
- name: SIFT Workstation - name: SIFT Workstation
type: software type: software
description: >- description: >-
@ -1470,17 +1507,8 @@ tools:
- malware-analysis - malware-analysis
- network-forensics - network-forensics
- mobile-forensics - mobile-forensics
phases: []
platforms:
- OS
domain-agnostic-software:
- specific-os
skillLevel: intermediate skillLevel: intermediate
accessType: download
url: https://www.sans.org/tools/sift-workstation/ url: https://www.sans.org/tools/sift-workstation/
projectUrl: ''
license: Free / Mixed
knowledgebase: false
tags: tags:
- virtual-machine - virtual-machine
- tool-collection - tool-collection
@ -1488,6 +1516,14 @@ tools:
- training-focused - training-focused
- documentation - documentation
- ubuntu-based - ubuntu-based
icon: 🖥
platforms:
- OS
accessType: download
license: Free / Mixed
knowledgebase: false
domain-agnostic-software:
- specific-os
- name: Tsurugi Linux - name: Tsurugi Linux
type: software type: software
description: >- description: >-
@ -1503,21 +1539,22 @@ tools:
- law-enforcement - law-enforcement
- malware-analysis - malware-analysis
- mobile-forensics - mobile-forensics
platforms:
- OS
domain-agnostic-software:
- specific-os
skillLevel: intermediate skillLevel: intermediate
accessType: download
url: https://tsurugi-linux.org/ url: https://tsurugi-linux.org/
license: GPL / Mixed
knowledgebase: false
tags: tags:
- live-boot - live-boot
- tool-collection - tool-collection
- forensics-suite - forensics-suite
- mobile-focus - mobile-focus
- lightweight - lightweight
icon: 🖥
platforms:
- OS
accessType: download
license: GPL / Mixed
knowledgebase: false
domain-agnostic-software:
- specific-os
- name: Parrot Security OS - name: Parrot Security OS
type: software type: software
description: >- description: >-
@ -1531,17 +1568,8 @@ tools:
- law-enforcement - law-enforcement
- malware-analysis - malware-analysis
- network-forensics - network-forensics
phases: []
platforms:
- OS
domain-agnostic-software:
- specific-os
skillLevel: intermediate skillLevel: intermediate
accessType: download
url: https://parrotsec.org/ url: https://parrotsec.org/
projectUrl: ''
license: GPL-3.0
knowledgebase: false
tags: tags:
- live-boot - live-boot
- privacy-focused - privacy-focused
@ -1549,7 +1577,16 @@ tools:
- rolling-release - rolling-release
- lightweight - lightweight
- anonymization - anonymization
icon: 🖥
platforms:
- OS
accessType: download
license: GPL-3.0
knowledgebase: false
domain-agnostic-software:
- specific-os
- name: Eric Zimmerman Tools - name: Eric Zimmerman Tools
icon: 📦
type: software type: software
description: >- description: >-
Die Tool-Sammlung des Windows-Forensik-Gurus für Artefakt-Analyse. Von Die Tool-Sammlung des Windows-Forensik-Gurus für Artefakt-Analyse. Von
@ -1579,6 +1616,7 @@ tools:
- tool-collection - tool-collection
- artifact-extraction - artifact-extraction
- name: Impacket - name: Impacket
icon: 📦
type: software type: software
description: >- description: >-
Python-Bibliothek für Netzwerk-Protokoll-Manipulation und Python-Bibliothek für Netzwerk-Protokoll-Manipulation und
@ -1612,6 +1650,7 @@ tools:
- scripting - scripting
- api - api
- name: RSA NetWitness - name: RSA NetWitness
icon: 📦
type: software type: software
description: >- description: >-
Enterprise-Grade SIEM und Forensik-Plattform für große Netzwerke. Enterprise-Grade SIEM und Forensik-Plattform für große Netzwerke.
@ -1644,6 +1683,7 @@ tools:
- machine-learning - machine-learning
- enterprise - enterprise
- name: X-Ways Forensics - name: X-Ways Forensics
icon: 📦
type: software type: software
description: >- description: >-
Der deutsche Präzisionsskalpell unter den Forensik-Tools mit Der deutsche Präzisionsskalpell unter den Forensik-Tools mit
@ -1674,6 +1714,7 @@ tools:
- german-made - german-made
- hex-editor - hex-editor
- name: EnCase - name: EnCase
icon: 📦
type: software type: software
description: >- description: >-
Der Veteran der kommerziellen Forensik-Tools mit 25 Jahren Der Veteran der kommerziellen Forensik-Tools mit 25 Jahren
@ -1705,6 +1746,7 @@ tools:
- certification - certification
- scripting - scripting
- name: FRED - name: FRED
icon: 🔧
type: software type: software
description: >- description: >-
Forensic Recovery of Evidence Device - spezialisierte Hardware für Forensic Recovery of Evidence Device - spezialisierte Hardware für
@ -1745,20 +1787,22 @@ tools:
- data-collection - data-collection
- examination - examination
- analysis - analysis
platforms:
- Windows
- Linux
- macOS
skillLevel: advanced skillLevel: advanced
accessType: download
url: https://github.com/microsoft/ics-forensics-tools url: https://github.com/microsoft/ics-forensics-tools
license: MIT
knowledgebase: false
tags: tags:
- python - python
- binary - binary
- scripting - scripting
- name: "Live Memory Acquisition Procedure" icon: 🛠
platforms:
- Windows
- Linux
- macOS
accessType: download
license: MIT
knowledgebase: false
- name: Live Memory Acquisition Procedure
icon: 📋
type: method type: method
description: >- description: >-
Standardisiertes Verfahren zur forensisch korrekten Akquisition des Standardisiertes Verfahren zur forensisch korrekten Akquisition des
@ -1777,8 +1821,9 @@ tools:
domain-agnostic-software: null domain-agnostic-software: null
skillLevel: advanced skillLevel: advanced
accessType: null accessType: null
url: https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response url: >-
projectUrl: https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response
projectUrl: null
license: null license: null
knowledgebase: false knowledgebase: false
tags: tags:
@ -1788,7 +1833,8 @@ tools:
- ram-dump - ram-dump
- evidence-preservation - evidence-preservation
- procedure - procedure
- name: "Rapid Incident Response Triage on macOS" - name: Rapid Incident Response Triage on macOS
icon: 📋
type: method type: method
description: >- description: >-
Spezialisierte Methodik für die schnelle Incident Response auf Spezialisierte Methodik für die schnelle Incident Response auf
@ -1796,8 +1842,8 @@ tools:
Artefakte in unter einer Stunde. Adressiert die Lücke zwischen Artefakte in unter einer Stunde. Adressiert die Lücke zwischen
Windows-zentrierten IR-Prozessen und macOS-spezifischen Windows-zentrierten IR-Prozessen und macOS-spezifischen
Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente
Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für
für Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften. Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften.
domains: domains:
- incident-response - incident-response
- law-enforcement - law-enforcement
@ -1809,10 +1855,11 @@ tools:
domain-agnostic-software: null domain-agnostic-software: null
skillLevel: intermediate skillLevel: intermediate
accessType: null accessType: null
url: https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/ url: >-
projectUrl: https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/
projectUrl: null
license: null license: null
knowledgebase: knowledgebase: null
tags: tags:
- macos - macos
- rapid-response - rapid-response
@ -1822,14 +1869,15 @@ tools:
- enterprise - enterprise
- methodology - methodology
- apple - apple
- name: "Aftermath" - name: Aftermath
icon: 📦
type: software type: software
description: >- description: >-
Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte
auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen, auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen,
Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne
ohne Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in
in Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und
erstellt durchsuchbare Ausgabeformate für effiziente Analyse. erstellt durchsuchbare Ausgabeformate für effiziente Analyse.
domains: domains:
- incident-response - incident-response

7
src/pages/index.astro
View File

@ -353,13 +353,12 @@ function createToolCard(tool) {
cardDiv.style.cursor = 'pointer'; cardDiv.style.cursor = 'pointer';
cardDiv.onclick = () => (window as any).showToolDetails(tool.name); cardDiv.onclick = () => (window as any).showToolDetails(tool.name);
cardDiv.innerHTML = ` cardDiv.innerHTML = `
<div class="tool-card-header"> <div class="tool-card-header">
<h3>${tool.name}</h3> <h3>${tool.icon ? `<span style="margin-right: 0.5rem; font-size: 1.125rem;">${tool.icon}</span>` : ''}${tool.name}</h3>
<div class="tool-card-badges"> <div class="tool-card-badges">
${isMethod ? '<span class="badge" style="background-color: var(--color-method); color: white;">Methode</span>' : ''} ${!isMethod && hasValidProjectUrl ? '<span class="badge badge-primary">Self-Hosted</span>' : ''}
${!isMethod && hasValidProjectUrl ? '<span class="badge badge-primary">CC24-Server</span>' : ''}
${!isMethod && tool.license !== 'Proprietary' ? '<span class="badge badge-success">OSS</span>' : ''}
${hasKnowledgebase ? '<span class="badge badge-error">📖</span>' : ''} ${hasKnowledgebase ? '<span class="badge badge-error">📖</span>' : ''}
</div> </div>
</div> </div>

2
src/utils/dataService.ts
View File

@ -5,7 +5,7 @@ import { z } from 'zod';
const ToolSchema = z.object({ const ToolSchema = z.object({
name: z.string(), name: z.string(),
icon: z.string().optional(), icon: z.string().optional().nullable(),
type: z.string(), type: z.string(),
description: z.string(), description: z.string(),
domains: z.array(z.string()).optional().nullable().default([]), domains: z.array(z.string()).optional().nullable().default([]),