From d18cc060e50fb80278e4253a5a5ff07174b376a8 Mon Sep 17 00:00:00 2001
From: overcuriousity
Date: Tue, 15 Jul 2025 14:55:10 +0200
Subject: [PATCH] =?UTF-8?q?layout=20verbessert,=20Tools=20=C3=BCberarbeite?= =?UTF-8?q?t=20(KI)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dfir_yaml_editor.html | 1335 +++++++++++++++++++++++++++++++
src/components/ToolCard.astro | 6 +-
src/components/ToolMatrix.astro | 10 +-
src/data/tools.yaml | 1152 ++++++++++++++++----------
src/pages/index.astro | 6 +-
5 files changed, 2062 insertions(+), 447 deletions(-)
create mode 100644 dfir_yaml_editor.html
diff --git a/dfir_yaml_editor.html b/dfir_yaml_editor.html
new file mode 100644
index 0000000..8e86706
--- /dev/null
+++ b/dfir_yaml_editor.html
@@ -0,0 +1,1335 @@
+ + + + + + DFIR Tools YAML Editor + + + + +
+
+

🔧 DFIR Tools YAML Editor

+

Comprehensive editor for Digital Forensics and Incident Response tools database

+
+ +
+
📊 Overview
+
🛠️ Tools
+
✏️ Editor
+
📋 Bulk Edit
+
💾 Export
+
+ + +
+
+

📁 Load YAML File

+ + + +
+ + +
+ + +
+ +
+
+ + +
+
+

Add New Tool

+
+
+
+ + +
+
+ + +
+
+ +
+ + +
+ +
+
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ + +
+
+ + +
+
+ +
+ +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+
+ +
+ +
+
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ + + +
+
+
+
+ + +
+
+

🔄 Bulk Operations

+

Select multiple tools to perform bulk operations

+ +
+ + + 0 selected +
+ +
+ + + + +
+ +
+ + + + +
+ +
+ + + + +
+
+ +
+
+ + +
+
+

💾 Export Options

+

Download your edited YAML file

+ +
+ + +
+
+ + +
+
\ No newline at end of file
diff --git a/src/components/ToolCard.astro b/src/components/ToolCard.astro
index 0e334fb..5f33c2b 100644
--- a/src/components/ToolCard.astro
+++ b/src/components/ToolCard.astro
@@ -28,7 +28,7 @@ const hasValidProjectUrl = tool.projectUrl !== undefined &&
 const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'Proprietary' ? 'card card-oss' : 'card');
 ---
-
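Review bot: The new editor is placed at the repository root rather than under src/ or public/, so nothing in the file says whether it is a maintainer-only local utility or a page the Astro build is meant to serve; a short HTML comment at the top of the file stating its purpose and how it is intended to be opened would settle that (the hunk is a 1335-line new file whose markup reached this review with tags stripped, so only the visible labels can be checked). The YAML it edits comes from whatever file the user picks (`Load YAML File`), so if tool fields are rendered with innerHTML the way ToolMatrix.astro does, they should pass through an escape helper or be set via textContent — this cannot be confirmed from the visible lines. The file also ends without a trailing newline (`\ No newline at end of file`).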
+

{tool.name}

@@ -83,7 +83,7 @@ const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'P {hasValidProjectUrl ? ( -
+
Software-Homepage @@ -93,7 +93,7 @@ const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'P
) : ( - + Software-Homepage )}
diff --git a/src/components/ToolMatrix.astro b/src/components/ToolMatrix.astro
index 60931d9..5a84ae5 100644
--- a/src/components/ToolMatrix.astro
+++ b/src/components/ToolMatrix.astro
@@ -250,12 +250,12 @@ domains.forEach((domain: any) => {
 const phasesText = tool.phases.join(', ');
 metadataContainer.innerHTML = `
-
Platforms: ${tool.platforms.join(', ')}
+
Betriebssystem: ${tool.platforms.join(', ')}
Skill Level: ${tool.skillLevel}
-
License: ${tool.license}
-
Access Type: ${tool.accessType}
-
Domains: ${domainsText}
-
Phases: ${phasesText}
+
Lizenzmodell: ${tool.license}
+
Deployment: ${tool.accessType}
+
Einsatzgebiete: ${domainsText}
+
Ermittlungsphasen: ${phasesText}
`;
diff --git a/src/data/tools.yaml b/src/data/tools.yaml
index eb162ac..97ff797 100644
--- a/src/data/tools.yaml
+++ b/src/data/tools.yaml
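Review bot: The relabelled lines still interpolate `${tool.platforms.join(', ')}`, `${tool.skillLevel}`, `${tool.license}`, `${tool.accessType}`, `${domainsText}` and `${phasesText}` straight into `metadataContainer.innerHTML`, so any markup inside a tools.yaml value is parsed as HTML; with the YAML now editable through the new dfir_yaml_editor.html this is worth closing while the template is being touched. A one-line helper such as `const esc = (s: string) => s.replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';');` applied as `${esc(tool.license)}` and so on keeps the template readable, or build the six rows with createElement/textContent instead. The hunk-header context also shows the enclosing callback typed as `(domain: any)`; a concrete type for domain (or `unknown` with a narrowing) would let the checker verify `tool.platforms` and the other fields used here. The enclosing forEach begins and ends outside the hunk.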
@@ -1,512 +1,790 @@ -# DFIR Tools Database -# Each tool can appear in multiple domains and phases -# Self-hosted services have isHosted: true and statusUrl for monitoring - tools: - - name: "Autopsy" - description: "Open-Source digitale Forensik-Plattform mit grafischer Benutzeroberfläche für Festplatten- und Dateisystemanalyse" - domains: - - "storage-file-system" - - "application-code" - phases: - - "Auswertung" - - "Analyse" - platforms: ["Windows", "Linux", "macOS"] - skillLevel: "intermediate" - accessType: "download" - url: "https://www.autopsy.com/" - projectUrl: "" - license: "Apache 2.0" - tags: ["disk", "recovery", "timeline", "opensource"] - - - name: "Volatility 3" - description: "Fortgeschrittenes Memory-Forensik-Framework für Incident Response und Malware-Analyse mit Plugin-Architektur" + # Disk & File System Analysis Tools + - name: Autopsy + description: >- + Open-Source digitale Forensik-Plattform mit grafischer Benutzeroberfläche + für Festplatten- und Dateisystemanalyse. Besonders geeignet für die + Analyse-Phase mit umfangreichen Carving- und Timeline-Funktionen. 
domains: - - "memory-runtime" + - incident-response + - law-enforcement + - malware-analysis phases: - - "Auswertung" - - "Analyse" - platforms: ["Windows", "Linux", "macOS"] - skillLevel: "advanced" - accessType: "download" - url: "https://www.volatilityfoundation.org/" - projectUrl: "" - license: "VSL" - tags: ["memory", "malware", "runtime", "plugins"] + - data-collection + - examination + - analysis + platforms: + - Windows + - Linux + - macOS + skillLevel: intermediate + accessType: download + url: https://www.autopsy.com/ + projectUrl: '' + license: Apache 2.0 + tags: + - disk-imaging + - file-carving + - timeline-analysis + - registry-analysis + - windows-artifacts + - linux-artifacts + - hash-verification + - dead-box-forensics + - plugin-architecture + - csv-export - - name: "TheHive" - description: "Kollaborative Security-Incident-Response-Plattform für SOCs, CERTs und Sicherheitsteams mit Case-Management" + # Memory Analysis Tools + - name: Volatility 3 + description: >- + Fortgeschrittenes Memory-Forensik-Framework für Incident Response und + Malware-Analyse mit Plugin-Architektur. Hauptsächlich für die + Auswertungs- und Analysephase von RAM-Dumps geeignet. 
domains: - - "storage-file-system" - - "network-communication" - - "application-code" + - incident-response + - malware-analysis + - law-enforcement phases: - - "data-collection" - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "self-hosted" - url: "https://strangebee.com/" - projectUrl: "" - license: "AGPL-3.0" - tags: ["incident-response", "case-management", "collaboration", "workflow"] - statusUrl: "https://uptime.example.lab/api/badge/1/status" + - examination + - analysis + platforms: + - Windows + - Linux + - macOS + skillLevel: advanced + accessType: download + url: https://www.volatilityfoundation.org/ + projectUrl: '' + license: VSL + tags: + - memory-analysis + - malware-detection + - process-analysis + - plugin-architecture + - python-scripting + - windows-artifacts + - linux-artifacts + - live-forensics + - dead-box-forensics + - json-export - - name: "MISP" - description: "Threat-Intelligence-Plattform für strukturierten Austausch von Indicators of Compromise (IoCs) und Bedrohungsinformationen" + # Incident Response Platforms + - name: TheHive 5 + description: >- + Kollaborative Security-Incident-Response-Plattform für SOCs, CERTs und + Sicherheitsteams mit Case-Management. Ideal für alle Phasen einer + Untersuchung, besonders für Koordination und Berichterstattung. 
domains: - - "network-communication" - - "application-code" + - incident-response + - law-enforcement + - fraud-investigation phases: - - "data-collection" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "self-hosted" - url: "https://misp-project.org/" - projectUrl: "https://misp.cc24.dev" - license: "AGPL-3.0" - tags: ["threat-intelligence", "ioc", "sharing", "automation"] - statusUrl: "https://status.mikoshi.de/api/badge/34/status" + - data-collection + - examination + - analysis + - reporting + - collaboration + platforms: + - Web + skillLevel: intermediate + accessType: self-hosted + url: https://strangebee.com/ + projectUrl: '' + license: Community Edition (Free) / Commercial + tags: + - case-management + - team-collaboration + - api-available + - automation + - misp-integration + - alert-management + - multi-tenancy + - workflow-automation + - json-export + - reporting-tools + statusUrl: https://uptime.example.lab/api/badge/1/status - - name: "Timesketch" - description: "Kollaborative forensische Timeline-Analyse-Plattform für chronologische Ereigniskorrelation und -visualisierung" + - name: MISP + description: >- + Threat-Intelligence-Plattform für strukturierten Austausch von IoCs. + Primär für Datensammlung und -anreicherung, unterstützt aber auch + Analyse durch Korrelation von Bedrohungsdaten. 
domains: - - "storage-file-system" - - "network-communication" + - incident-response + - malware-analysis + - network-forensics phases: - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "self-hosted" - url: "https://timesketch.org/" - projectUrl: "https://timesketch.cc24.dev" - license: "Apache 2.0" - tags: ["timeline", "visualization", "collaboration", "correlation"] - statusUrl: "https://uptime.example.lab/api/badge/3/status" + - data-collection + - examination + - analysis + - collaboration + platforms: + - Web + skillLevel: intermediate + accessType: self-hosted + url: https://misp-project.org/ + projectUrl: https://misp.cc24.dev + license: AGPL-3.0 + tags: + - threat-intelligence + - ioc-sharing + - api-available + - automation + - correlation-engine + - taxonomy-support + - feed-integration + - json-export + - stix-support + statusUrl: https://status.mikoshi.de/api/badge/34/status - - name: "Wireshark" - description: "Netzwerk-Protokoll-Analyzer für Paketaufzeichnung und -analyse mit umfangreichen Dekodierungsfähigkeiten" + - name: Timesketch + description: >- + Kollaborative forensische Timeline-Analyse-Plattform. Hauptsächlich + für die Analysephase konzipiert, unterstützt chronologische + Ereigniskorrelation aus verschiedenen Quellen. 
domains: - - "network-communication" + - incident-response + - law-enforcement + - fraud-investigation phases: - - "data-collection" - - "Auswertung" - - "Analyse" - platforms: ["Windows", "Linux", "macOS"] - skillLevel: "intermediate" - accessType: "download" - url: "https://www.wireshark.org/" - projectUrl: "" - license: "GPL-2.0" - tags: ["network", "pcap", "protocol", "realtime"] + - analysis + - reporting + platforms: + - Web + skillLevel: intermediate + accessType: self-hosted + url: https://timesketch.org/ + projectUrl: https://timesketch.cc24.dev + license: Apache 2.0 + tags: + - timeline-analysis + - data-visualization + - plaso-integration + - collaborative-analysis + - search-capabilities + - event-correlation + - csv-import + - api-available + statusUrl: https://uptime.example.lab/api/badge/3/status - - name: "EnCase" - description: "Kommerzielle digitale Ermittlungsplattform mit gerichtlich anerkannten Forensik-Funktionen und umfassender Berichterstattung" + # Network Analysis Tools + - name: Wireshark + description: >- + Netzwerk-Protokoll-Analyzer für Paketaufzeichnung und -analyse. + Primär für Datensammlung und Auswertung von Netzwerkverkehr, + unterstützt über 2000 Protokolle. 
domains: - - "storage-file-system" - - "memory-runtime" + - network-forensics + - incident-response + - malware-analysis phases: - - "data-collection" - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Windows"] - skillLevel: "advanced" - accessType: "commercial" - url: "https://www.opentext.com/products/encase-forensic" - projectUrl: "" - license: "Proprietary" - tags: ["commercial", "enterprise", "court-approved", "comprehensive"] - - - name: "Cuckoo Sandbox" - description: "Automatisiertes Malware-Analysesystem mit virtualisierter Umgebung für dynamische Verhaltensanalyse" + - data-collection + - examination + - analysis + platforms: + - Windows + - Linux + - macOS + skillLevel: intermediate + accessType: download + url: https://www.wireshark.org/ + projectUrl: '' + license: GPL-2.0 + tags: + - packet-capture + - protocol-analysis + - live-capture + - pcap-analysis + - filter-capabilities + - statistics-generation + - export-formats + - plugin-support + - tls-decryption + + # Commercial Tools (Well-known) + - name: Magnet AXIOM + description: >- + Umfassende digitale Forensik-Plattform für Computer und Mobilgeräte. + Deckt alle Phasen ab mit besonderem Fokus auf automatisierte + Artefakt-Erkennung und Cloud-Forensik. 
domains: - - "application-code" - - "network-communication" + - law-enforcement + - incident-response + - mobile-forensics + - cloud-forensics phases: - - "Auswertung" - - "Analyse" - platforms: ["Linux"] - skillLevel: "advanced" - accessType: "self-hosted" - url: "https://cuckoosandbox.org/" - projectUrl: "" - license: "GPL-3.0" - tags: ["malware", "sandbox", "dynamic-Analyse", "automation"] - statusUrl: "" + - data-collection + - examination + - analysis + - reporting + platforms: + - Windows + skillLevel: intermediate + accessType: commercial + url: https://www.magnetforensics.com/products/magnet-axiom/ + projectUrl: '' + license: Proprietary + tags: + - mobile-forensics + - cloud-acquisition + - artifact-recovery + - timeline-generation + - ai-categorization + - report-generation + - court-admissible + - image-analysis - - name: "FTK Imager" - description: "Forensisches Imaging- und Vorschau-Tool für Erstellung forensischer Kopien und erste Datenanalyse" + - name: Cellebrite UFED + description: >- + Führende Mobile-Forensik-Lösung für Extraktion und Analyse von + Smartphones und Tablets. Primär für Datensammlung und Auswertung + mobiler Geräte konzipiert. 
domains: - - "storage-file-system" + - law-enforcement + - mobile-forensics + - incident-response phases: - - "data-collection" - - "Auswertung" - platforms: ["Windows"] - skillLevel: "intermediate" - accessType: "download" - url: "https://exterro.com/ftk-imager" - projectUrl: "" - license: "Proprietary" - tags: ["imaging", "preview", "acquisition", "freeware"] + - data-collection + - examination + - analysis + platforms: + - Windows + - Hardware + skillLevel: intermediate + accessType: commercial + url: https://cellebrite.com/en/ufed/ + projectUrl: '' + license: Proprietary + tags: + - mobile-extraction + - physical-extraction + - logical-extraction + - password-bypass + - app-analysis + - deleted-data-recovery + - report-generation + - court-admissible - - name: "GRR Rapid Response" - description: "Remote-Live-Forensik-Plattform von Google für skalierbare Incident-Response auf Unternehmensnetzwerken" + # Malware Analysis Tools + - name: Cuckoo Sandbox 3 + description: >- + Automatisiertes Malware-Analysesystem der neuesten Generation. + Hauptsächlich für die Analysephase mit dynamischer Verhaltensanalyse + in isolierten Umgebungen. 
domains: - - "platform-infrastructure" - - "storage-file-system" + - malware-analysis + - incident-response phases: - - "data-collection" - - "Auswertung" - platforms: ["Linux", "Windows"] - skillLevel: "advanced" - accessType: "self-hosted" - url: "https://github.com/google/grr" - projectUrl: "" - license: "Apache 2.0" - tags: ["live-forensics", "remote", "scalable", "enterprise"] - statusUrl: "" + - analysis + platforms: + - Linux + skillLevel: advanced + accessType: self-hosted + url: https://github.com/cert-ee/cuckoo3 + projectUrl: '' + license: GPL-3.0 + tags: + - dynamic-analysis + - behavior-monitoring + - sandbox-analysis + - api-monitoring + - network-monitoring + - yara-integration + - automated-analysis + - json-export + - malware-detection + statusUrl: '' - - name: "Plaso (log2timeline)" - description: "Tool zur automatischen Erstellung von Super-Timelines aus verschiedenen Log-Dateien und Artefakten" + - name: Ghidra + description: >- + NSA-entwickeltes Reverse-Engineering-Framework für statische + Malware-Analyse. Primär für tiefgehende Code-Analyse in der + Analysephase. 
domains: - - "storage-file-system" - - "application-code" + - malware-analysis + - ics-forensics phases: - - "Analyse" - platforms: ["Linux", "Windows", "macOS"] - skillLevel: "intermediate" - accessType: "download" - url: "https://plaso.readthedocs.io/" - projectUrl: "" - license: "Apache 2.0" - tags: ["timeline", "log-parsing", "correlation", "automation"] + - analysis + platforms: + - Windows + - Linux + - macOS + skillLevel: expert + accessType: download + url: https://ghidra-sre.org/ + projectUrl: '' + license: Apache 2.0 + tags: + - reverse-engineering + - disassembly + - decompilation + - scripting-support + - multi-architecture + - collaborative-re + - plugin-architecture + - binary-analysis - - name: "NetworkMiner" - description: "Netzwerk-Forensik-Analyse-Tool für Paket-Sniffing und Extraktion von Dateien, Bildern und Anmeldedaten" + # Data Processing & Analysis + - name: Plaso (log2timeline) + description: >- + Tool zur automatischen Erstellung von Super-Timelines. Hauptsächlich + für Datensammlung und Auswertung, bereitet Zeitstempel-Daten für + die Analyse vor. 
domains: - - "network-communication" + - incident-response + - law-enforcement + - fraud-investigation phases: - - "Auswertung" - - "Analyse" - platforms: ["Windows", "Linux (Mono)"] - skillLevel: "intermediate" - accessType: "download" - url: "https://www.netresec.com/?page=NetworkMiner" - projectUrl: "" - license: "Freeware/Commercial" - tags: ["pcap", "passive", "extraction", "credentials"] + - data-collection + - examination + platforms: + - Linux + - Windows + - macOS + skillLevel: intermediate + accessType: download + url: https://plaso.readthedocs.io/ + projectUrl: '' + license: Apache 2.0 + tags: + - timeline-generation + - log-parsing + - artifact-parsing + - multi-format-support + - elasticsearch-output + - timesketch-integration + - automation + - batch-processing - - name: "Redline" - description: "Memory- und Host-Analyse-Tool von FireEye/Mandiant für IOC-Scanning und Endpoint-Forensik" + - name: CyberChef + description: >- + Web-basiertes Tool für Datenmanipulation und -analyse. Vielseitig + einsetzbar in Auswertung und Analyse für Dekodierung, Verschlüsselung + und Datenextraktion. 
domains: - - "memory-runtime" - - "application-code" + - incident-response + - malware-analysis + - network-forensics + - fraud-investigation phases: - - "Auswertung" - - "Analyse" - platforms: ["Windows"] - skillLevel: "intermediate" - accessType: "download" - url: "https://www.mandiant.com/resources/download/redline" - projectUrl: "" - license: "Proprietary" - tags: ["memory", "ioc", "endpoint", "freeware"] + - examination + - analysis + platforms: + - Web + skillLevel: beginner + accessType: web-based + url: https://gchq.github.io/CyberChef/ + projectUrl: '' + license: Apache 2.0 + tags: + - data-transformation + - encoding-decoding + - encryption-tools + - regex-extraction + - file-analysis + - magic-detection + - recipe-automation + - offline-capable - - name: "KAPE" - description: "Triage-Tool für schnelle Sammlung und Parsing forensischer Artefakte mit modularem Ansatz" + # Remote Forensics & Endpoint Detection + - name: Velociraptor + description: >- + Endpoint-Visibility- und DFIR-Tool für Hunting und Remote-Forensik. + Exzellent für Datensammlung in großen Netzwerken, unterstützt + alle Phasen durch VQL-Abfragen. 
domains: - - "storage-file-system" - - "platform-infrastructure" + - incident-response + - malware-analysis + - law-enforcement phases: - - "data-collection" - - "Analyse" - platforms: ["Windows"] - skillLevel: "intermediate" - accessType: "download" - url: "https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape" - projectUrl: "" - license: "Freeware" - tags: ["triage", "artifacts", "modular", "fast"] + - data-collection + - examination + - analysis + - reporting + platforms: + - Windows + - Linux + - macOS + skillLevel: advanced + accessType: self-hosted + url: https://www.velociraptor.app/ + projectUrl: https://raptor.cc24.dev + license: Apache 2.0 + tags: + - remote-collection + - live-forensics + - hunt-queries + - vql-language + - artifact-collection + - event-monitoring + - scalable-deployment + - api-available + - reporting-notebooks + statusUrl: https://status.mikoshi.de/api/badge/33/status - - name: "Velociraptor" - description: "Endpoint-Visibility- und DFIR-Tool für Hunting, Monitoring und Remote-Forensik mit VQL-Abfragesprache" + - name: GRR Rapid Response + description: >- + Remote-Live-Forensik von Google für skalierbare Incident-Response. + Fokus auf Datensammlung in Unternehmensnetzwerken mit + Hunt-Funktionalität. 
domains: - - "platform-infrastructure" - - "storage-file-system" + - incident-response + - law-enforcement phases: - - "data-collection" - - "Auswertung" - platforms: ["Windows", "Linux", "macOS"] - skillLevel: "advanced" - accessType: "self-hosted" - url: "https://www.velociraptor.app/" - projectUrl: "https://raptor.cc24.dev" - license: "Apache 2.0" - tags: ["hunting", "endpoint", "monitoring", "vql"] - statusUrl: "https://status.mikoshi.de/api/badge/33/status" + - data-collection + - examination + platforms: + - Linux + - Windows + - macOS + skillLevel: advanced + accessType: self-hosted + url: https://github.com/google/grr + projectUrl: '' + license: Apache 2.0 + tags: + - remote-forensics + - scalable-collection + - hunt-capability + - flow-automation + - artifact-collection + - memory-acquisition + - api-available + - enterprise-ready + statusUrl: '' - - name: "Arkime" - description: "Skalierbare Full-Packet-Capture- und Analyseplattform für große Netzwerkumgebungen" + # Network Packet Analysis + - name: Arkime (formerly Moloch) + description: >- + Skalierbare Full-Packet-Capture-Plattform für große Netzwerke. + Primär für Datensammlung und Auswertung von Netzwerkverkehr + über längere Zeiträume. 
domains: - - "network-communication" + - network-forensics + - incident-response phases: - - "data-collection" - - "Analyse" - platforms: ["Linux"] - skillLevel: "advanced" - accessType: "self-hosted" - url: "https://arkime.com/" - projectUrl: "" - license: "Apache 2.0" - tags: ["pcap", "scalable", "indexing", "search"] - statusUrl: "" + - data-collection + - examination + - analysis + platforms: + - Linux + skillLevel: expert + accessType: self-hosted + url: https://arkime.com/ + projectUrl: '' + license: Apache 2.0 + tags: + - full-packet-capture + - pcap-indexing + - session-analysis + - elasticsearch-backend + - api-available + - scalable-storage + - query-language + - visualization + statusUrl: '' - - name: "X-Ways Forensics" - description: "Fortgeschrittene Arbeitsumgebung für Computer-Forensik-Prüfer mit effizienter Dateiwiederherstellung" + - name: NetworkMiner + description: >- + Netzwerk-Forensik-Tool für Paket-Analyse und Datei-Extraktion. + Spezialisiert auf Auswertung von PCAP-Dateien und Extraktion + übertragener Inhalte. 
domains: - - "storage-file-system" + - network-forensics + - incident-response phases: - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Windows"] - skillLevel: "advanced" - accessType: "commercial" - url: "https://www.x-ways.net/forensics/" - projectUrl: "" - license: "Proprietary" - tags: ["disk", "recovery", "commercial", "efficient"] + - examination + - analysis + platforms: + - Windows + - Linux (Mono) + skillLevel: beginner + accessType: download + url: https://www.netresec.com/?page=NetworkMiner + projectUrl: '' + license: GPL-2.0 / Commercial + tags: + - pcap-analysis + - file-extraction + - credential-extraction + - os-fingerprinting + - session-reconstruction + - image-extraction + - certificate-extraction + - passive-analysis - # Multimedia Forensics Tools - - name: "Amped FIVE" - description: "Umfassende forensische Bild- und Videoanalyse-Software mit über 140 wissenschaftlich validierten Filtern für Verbesserung und Authentifizierung" + # Triage & Collection Tools + - name: KAPE + description: >- + Kroll Artifact Parser and Extractor für schnelle Triage. + Hauptsächlich für automatisierte Datensammlung mit modularem + Ansatz und Target/Module-System. 
domains: - - "multimedia-content" + - incident-response + - law-enforcement phases: - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Windows"] - skillLevel: "intermediate" - accessType: "commercial" - url: "https://ampedsoftware.com/five" - projectUrl: "" - license: "Proprietary" - tags: ["video", "image", "enhancement", "court-accepted"] + - data-collection + - examination + platforms: + - Windows + skillLevel: intermediate + accessType: download + url: >- + https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape + projectUrl: '' + license: Freeware + tags: + - triage-collection + - artifact-parsing + - modular-framework + - target-system + - batch-processing + - portable-tool + - automated-collection + - windows-artifacts - - name: "Cognitech TriSuite64" - description: "Forensische Video-Analyse-Suite mit patentierten 3D-Photogrammetrie-Funktionen für Tatortmessungen und Fahrzeugidentifikation" + # Metadata & File Analysis + - name: ExifTool + description: >- + Universelles Metadaten-Tool für über 200 Dateiformate. Unverzichtbar + für Auswertung von Bild- und Dokumentmetadaten in allen + forensischen Szenarien. 
domains: - - "multimedia-content" + - law-enforcement + - incident-response + - fraud-investigation phases: - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Windows"] - skillLevel: "advanced" - accessType: "commercial" - url: "https://cognitech.com/" - projectUrl: "" - license: "Proprietary" - tags: ["video", "3d-Analyse", "photogrammetry", "measurement"] + - examination + - analysis + platforms: + - Windows + - Linux + - macOS + skillLevel: novice + accessType: download + url: https://exiftool.org/ + projectUrl: '' + license: Perl Artistic License + tags: + - metadata-extraction + - exif-analysis + - gps-extraction + - batch-processing + - command-line + - scripting-support + - multi-format + - portable-tool - - name: "ExifTool" - description: "Plattformunabhängiges Tool zum Lesen, Schreiben und Bearbeiten von Metadaten in über 200 Dateiformaten" + # Financial & Fraud Investigation + - name: Chainalysis + description: >- + Führende Blockchain-Intelligence-Plattform für Kryptowährungs- + Ermittlungen. Primär für Analyse von Geldflüssen und + Wallet-Verbindungen. 
domains: - - "multimedia-content" - - "storage-file-system" + - fraud-investigation + - law-enforcement phases: - - "data-collection" - - "Auswertung" - - "Analyse" - platforms: ["Windows", "Linux", "macOS"] - skillLevel: "beginner" - accessType: "download" - url: "https://exiftool.org/" - projectUrl: "" - license: "Perl Artistic License" - tags: ["metadata", "exif", "batch-processing", "opensource"] + - analysis + - reporting + platforms: + - Web + skillLevel: advanced + accessType: commercial + url: https://www.chainalysis.com/ + projectUrl: '' + license: Proprietary + tags: + - blockchain-analysis + - crypto-tracing + - wallet-clustering + - risk-scoring + - compliance-tools + - transaction-monitoring + - visualization + - api-available - - name: "Amped Authenticate" - description: "Forensische Bildauthentifizierungs-Software zur Erkennung von Manipulationen und Kamera-Ballistik" + # Visualization & Analysis + - name: Neo4j + description: >- + Graph-Datenbank für Visualisierung komplexer Beziehungen. + Besonders wertvoll in der Analysephase für Netzwerk- und + Verbindungsanalysen. 
domains: - - "multimedia-content" + - fraud-investigation + - law-enforcement + - incident-response phases: - - "Auswertung" - - "Analyse" - platforms: ["Windows"] - skillLevel: "advanced" - accessType: "commercial" - url: "https://ampedsoftware.com/authenticate" - projectUrl: "" - license: "Proprietary" - tags: ["image", "authentication", "tampering", "camera-matching"] + - analysis + - reporting + platforms: + - Web + - Windows + - Linux + - macOS + skillLevel: intermediate + accessType: self-hosted + url: https://neo4j.com/ + projectUrl: https://graph.cc24.dev + license: GPL-3.0 / Commercial + tags: + - graph-database + - relationship-analysis + - data-visualization + - cypher-query + - pattern-detection + - api-available + - import-tools + - scalable-analysis + statusUrl: https://status.mikoshi.de/api/badge/32/status - # Financial Forensics Tools - - name: "ACL Analytics (IDEA)" - description: "Leistungsstarke Datenanalyse-Software für Audit und Compliance mit über 100 vordefinierten Prüfroutinen" + - name: QGIS + description: >- + Open-Source Geoinformationssystem für räumliche Datenanalyse. + Wertvoll für Berichterstattung bei Fällen mit GPS-Daten aus + Smartphones oder Fahrzeugen. 
domains: - - "transaction-financial" - - "storage-file-system" + - law-enforcement + - mobile-forensics phases: - - "data-collection" - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Windows"] - skillLevel: "intermediate" - accessType: "commercial" - url: "https://www.caseware.com/us/products/idea/" - projectUrl: "" - license: "Proprietary" - tags: ["audit", "compliance", "data-Analyse", "automation"] + - analysis + - reporting + platforms: + - Windows + - Linux + - macOS + skillLevel: intermediate + accessType: download + url: https://qgis.org/ + projectUrl: '' + license: GPL-2.0 + tags: + - geospatial-analysis + - gps-visualization + - map-generation + - coordinate-analysis + - timeline-mapping + - export-formats + - plugin-ecosystem + - python-scripting - - name: "Chainalysis" - description: "Blockchain-Intelligence-Plattform für Kryptowährungs-Ermittlungen und Geldflussanalyse über verschiedene Chains" + # Collaboration & Documentation + - name: Nextcloud + description: >- + Self-Hosted-Plattform für sicheren Dateiaustausch. Ideal für + kollaborative Phasen und sichere Speicherung von Beweismitteln + mit Versionierung. 
domains: - - "transaction-financial" - - "network-communication" + - incident-response + - law-enforcement + - fraud-investigation phases: - - "data-collection" - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "advanced" - accessType: "commercial" - url: "https://www.chainalysis.com/" - projectUrl: "" - license: "Proprietary" - tags: ["blockchain", "cryptocurrency", "money-flow", "compliance"] + - collaboration + - reporting + platforms: + - Web + skillLevel: novice + accessType: self-hosted + url: https://nextcloud.com/ + projectUrl: https://cloud.cc24.dev + license: AGPL-3.0 + tags: + - file-sharing + - collaboration + - encryption + - version-control + - access-control + - audit-logging + - mobile-sync + - api-available + statusUrl: https://status.mikoshi.de/api/badge/11/status - - name: "FraudFindr" - description: "Forensische Buchhaltungssoftware für automatisierte Analyse von Finanztransaktionen und Betrugserkennung" + - name: Gitea + description: >- + Leichtgewichtiger Git-Service für Versionskontrolle. Nützlich + für Dokumentation von Skripten, Playbooks und forensischen + Prozeduren. 
domains: - - "transaction-financial" + - incident-response + - malware-analysis phases: - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "commercial" - url: "https://fraudfindr.com/" - projectUrl: "" - license: "Proprietary" - tags: ["fraud-detection", "transaction", "Bericht & Präsentation", "automation"] + - collaboration + - reporting + platforms: + - Web + skillLevel: beginner + accessType: self-hosted + url: https://gitea.io/ + projectUrl: https://git.cc24.dev + license: MIT + tags: + - version-control + - code-repository + - documentation + - collaboration + - issue-tracking + - markdown-support + - api-available + - lightweight + statusUrl: https://status.mikoshi.de/api/badge/18/status - - name: "Valid8 Financial" - description: "Verifizierte Financial-Intelligence-Plattform für Transaktions-Tracing und forensische Buchhaltungsanalyse" + # Additional Tools + - name: Binwalk + description: >- + Firmware-Analyse-Tool für eingebettete Dateisysteme. Spezialisiert + auf Extraktion und Analyse von Firmware-Images in IoT- und + ICS-Forensik. 
domains: - - "transaction-financial" + - ics-forensics + - malware-analysis + - mobile-forensics phases: - - "Auswertung" - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "commercial" - url: "https://www.valid8financial.com/" - projectUrl: "" - license: "Proprietary" - tags: ["transaction", "verification", "visualization", "tracing"] + - examination + - analysis + platforms: + - Linux + - macOS + skillLevel: advanced + accessType: download + url: https://github.com/ReFirmLabs/binwalk + projectUrl: '' + license: MIT + tags: + - firmware-analysis + - file-carving + - entropy-analysis + - signature-scanning + - extraction-tool + - iot-forensics + - embedded-systems + - python-api - - name: "DocuClipper" - description: "KI-gestütztes OCR-Tool zur Extraktion und Analyse von Bankdaten aus PDF- und gescannten Dokumenten" - domains: - - "transaction-financial" - - "storage-file-system" - phases: - - "data-collection" - - "Analyse" - platforms: ["Web"] - skillLevel: "beginner" - accessType: "commercial" - url: "https://www.docuclipper.com/" - projectUrl: "" - license: "Proprietary" - tags: ["ocr", "bank-statements", "extraction", "ai"] - - # Visualization and Analyse Tools - - name: "Neo4j" - description: "Graph-Datenbank für Visualisierung komplexer Beziehungen und Netzwerkanalyse in forensischen Untersuchungen" - domains: - - "network-communication" - - "application-code" - - "transaction-financial" - phases: - - "Analyse" - - "Bericht & Präsentation" - platforms: ["Web", "Windows", "Linux", "macOS"] - skillLevel: "intermediate" - accessType: "self-hosted" - url: "https://neo4j.com/" - projectUrl: "https://graph.cc24.dev" - license: "GPL-3.0 / Commercial" - tags: ["graph", "visualization", "relationships", "queries"] - statusUrl: "https://status.mikoshi.de/api/badge/32/status" - - # Collaboration Tools - Domain-agnostic - - name: "Nextcloud" - description: "Self-Hosted-Plattform für sicheren Dateiaustausch und 
Zusammenarbeit mit End-to-End-Verschlüsselung" - domains: [] # Domain-agnostic - phases: - - "collaboration" - platforms: ["Web"] - skillLevel: "beginner" - accessType: "self-hosted" - url: "https://nextcloud.com/de/" - projectUrl: "https://cloud.cc24.dev" - license: "AGPL-3.0" - tags: ["file-sharing", "collaboration", "encryption", "privacy"] - statusUrl: "https://status.mikoshi.de/api/badge/11/status" - - - name: "Gitea" - description: "Leichtgewichtiger Self-Hosted Git-Service für Code-Kollaboration, Versionskontrolle und Dokumentation" - domains: [] # Domain-agnostic - phases: - - "collaboration" - platforms: ["Web"] - skillLevel: "intermediate" - accessType: "self-hosted" - url: "https://gitea.org.lab" - projectUrl: "https://git.cc24.dev" - license: "MIT" - tags: ["version-control", "git", "documentation", "lightweight"] - statusUrl: "https://status.mikoshi.de/api/badge/18/status" - -# Domain definitions for reference domains: - - id: "storage-file-system" - name: "Storage & File System Artifacts" - - id: "memory-runtime" - name: "Memory & Runtime Artifacts" - - id: "network-communication" - name: "Network & Communication Artifacts" - - id: "application-code" - name: "Application & Code Artifacts" - - id: "multimedia-content" - name: "Multimedia & Content Artifacts" - - id: "transaction-financial" - name: "Transaction & Financial Artifacts" - - id: "platform-infrastructure" - name: "Platform & Infrastructure Artifacts" + - id: incident-response + name: Incident Response & Breach-Untersuchung + - id: law-enforcement + name: Strafverfolgung & Kriminalermittlung + - id: malware-analysis + name: Malware-Analyse & Reverse Engineering + - id: fraud-investigation + name: Betrugs- & Finanzkriminalität + - id: network-forensics + name: Netzwerk-Forensik & Traffic-Analyse + - id: mobile-forensics + name: Mobile Geräte & App-Forensik + - id: cloud-forensics + name: Cloud & Virtuelle Umgebungen + - id: ics-forensics + name: Industrielle Kontrollsysteme (ICS/SCADA) -# 
Phase definitions for reference
phases:
- - id: "data-collection"
- name: "Datensammlung"
- - id: "Auswertung"
- name: "Auswertung"
- - id: "Analyse"
- name: "Analyse"
- - id: "Bericht & Präsentation"
- name: "Bericht & Präsentation"
- - id: "collaboration"
- name: "Übergreifend & Kollaboration"
\ No newline at end of file
+ - id: data-collection name: Datensammlung
+ - id: examination name: Auswertung
+ - id: analysis name: Analyse
+ - id: reporting name: Bericht & Präsentation
+ - id: collaboration name: Übergreifend & Kollaboration
\ No newline at end of file
diff --git a/src/pages/index.astro b/src/pages/index.astro
index 1f57985..d0c2548 100644
--- a/src/pages/index.astro
+++ b/src/pages/index.astro
@@ -148,13 +148,15 @@ function createToolCard(tool) {
const cardDiv = document.createElement('div');
const cardClass = hasValidProjectUrl ? 'card card-hosted' : (tool.license !== 'Proprietary' ? 'card card-oss' : 'card');
cardDiv.className = cardClass;
+ cardDiv.style.cursor = 'pointer';
+ cardDiv.onclick = () => (window as any).showToolDetails(tool.name);
// Create button HTML based on hosting status
let buttonHTML;
if (hasValidProjectUrl) {
// Two buttons for tools we're hosting
buttonHTML = `
-
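Review bot: Several new `license` values are free text such as `GPL-3.0 / Commercial`, `GPL-2.0 / Commercial` and `Community Edition (Free) / Commercial`, while the card styling in the other files of this commit decides open-source versus proprietary with `tool.license !== 'Proprietary'`, so every dual-licensed entry is rendered as open source even for its commercial variant; either normalise the field to a fixed set of values or add a separate key the components can switch on. TheHive 5 and Timesketch keep `statusUrl: https://uptime.example.lab/api/badge/…/status` while the other hosted tools point at `status.mikoshi.de`; if `uptime.example.lab` is a placeholder, the badge fetch for those two cards will simply fail and the value should be left as `statusUrl: ''` like the other unset entries. The removed header comment (`# Self-hosted services have isHosted: true and statusUrl for monitoring`) was not replaced, so the file no longer says which keys an entry may carry; a short schema comment above `tools:` listing `name`, `description`, `domains`, `phases`, `platforms`, `skillLevel`, `accessType`, `url`, `projectUrl`, `license`, `tags` and the optional `statusUrl` would help both the new editor page and future hand edits.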
+
Software-Homepage @@ -166,7 +168,7 @@ function createToolCard(tool) { } else { // Single button for tools we're not hosting buttonHTML = ` - + Software-Homepage `;
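Review bot: The new `cardDiv.onclick` fires for every click that bubbles up inside the card, including clicks on the `Software-Homepage` button(s) that `buttonHTML` places into it, so a user following that link also opens the details view; guard the handler, e.g. `cardDiv.addEventListener('click', (e) => { if ((e.target as HTMLElement).closest('a, button')) return; window.showToolDetails(tool.name); });`. That also removes the `(window as any)` cast: declare the global once with `declare global { interface Window { showToolDetails: (name: string) => void } }` so the call is type-checked, assuming `showToolDetails` is assigned onto `window` elsewhere, which this hunk does not show. `createToolCard` continues past the hunk.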