improve related software

This commit is contained in:
overcuriousity 2025-07-27 22:48:02 +02:00
parent 88938d522d
commit d8eb2b556b
5 changed files with 55 additions and 2189 deletions



@ -520,6 +520,7 @@ domains.forEach((domain: any) => {
`; `;
const relatedConcepts = tool.related_concepts || []; const relatedConcepts = tool.related_concepts || [];
const relatedSoftware = tool.related_software || [];
if (relatedConcepts.length > 0 && modalType === 'primary') { if (relatedConcepts.length > 0 && modalType === 'primary') {
const conceptLinks = relatedConcepts.map(conceptName => { const conceptLinks = relatedConcepts.map(conceptName => {
const concept = toolsData.find(t => t.name === conceptName && t.type === 'concept'); const concept = toolsData.find(t => t.name === conceptName && t.type === 'concept');
@ -556,6 +557,49 @@ domains.forEach((domain: any) => {
`; `;
} }
if (relatedSoftware.length > 0 && modalType === 'primary') {
const softwareLinks = relatedSoftware.map(softwareName => {
const software = toolsData.find(t => t.name === softwareName && (t.type === 'software' || t.type === 'method'));
if (software) {
const isHosted = window.isToolHosted(software);
const isSoftwareMethod = software.type === 'method';
const bgColor = isSoftwareMethod ? 'var(--color-method-bg)' :
isHosted ? 'var(--color-hosted-bg)' : 'var(--color-oss-bg)';
const borderColor = isSoftwareMethod ? 'var(--color-method)' :
isHosted ? 'var(--color-hosted)' : 'var(--color-oss)';
return `<button class="tag cursor-pointer" style="background-color: ${bgColor}; border: 1px solid ${borderColor}; color: ${borderColor}; transition: var(--transition-fast);"
onclick="event.stopPropagation(); window.showToolDetails('${softwareName}', 'secondary')"
onmouseover="this.style.backgroundColor='${borderColor}'; this.style.color='white';"
onmouseout="this.style.backgroundColor='${bgColor}'; this.style.color='${borderColor}';">
${softwareName}
</button>`;
}
return `<span class="tag" style="background-color: var(--color-bg-tertiary); color: var(--color-text-secondary);">${softwareName}</span>`;
}).join('');
const isMobile = window.innerWidth <= 768;
const collapseOnMobile = isMobile && relatedSoftware.length > 2;
tagsHTML += `
<div class="mt-4">
<div class="flex items-center gap-2 mb-2">
<strong style="color: var(--color-text);">Verwandte Software:</strong>
${collapseOnMobile ? `
<button id="software-toggle-${modalType}"
onclick="this.nextElementSibling.style.display = this.nextElementSibling.style.display === 'none' ? 'block' : 'none'; this.textContent = this.textContent === '▼' ? '▲' : '▼';"
class="btn-icon text-xs">
</button>
` : ''}
</div>
<div ${collapseOnMobile ? 'class="hidden"' : ''} class="flex flex-wrap gap-1">
${softwareLinks}
</div>
</div>
`;
}
elements.tags.innerHTML = tagsHTML; elements.tags.innerHTML = tagsHTML;
let linksHTML = ''; let linksHTML = '';
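Review bot: `softwareName` is interpolated unescaped into both the HTML body (`${softwareName}` on the button and on the fallback span) and the inline handler `window.showToolDetails('${softwareName}', 'secondary')`, so a name containing a quote, `<` or `&` breaks the markup or the handler's string literal; the names appear to come from the project's own tools.yaml, which limits the exposure, and the related-concepts block this mirrors has the same shape. A small escape step before interpolation (HTML-escape the text, and serialise the onclick argument with `JSON.stringify` plus attribute escaping), or building the buttons with `createElement`/`textContent` and an event listener, would stop the rendering from depending on well-formed data. Separately, the wrapper `<div ${collapseOnMobile ? 'class="hidden"' : ''} class="flex flex-wrap gap-1">` emits two `class` attributes when collapsed and browsers keep only the first, so the flex/gap classes are lost; `<div class="flex flex-wrap gap-1${collapseOnMobile ? ' hidden' : ''}">` keeps both. The toggle also compares `style.display` to `'none'` while the initial hiding is done through the `hidden` class, so the first click may be a no-op — worth verifying in the browser. The enclosing function starts before and ends after this hunk.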



@ -1,213 +0,0 @@
# This is a minimal example file of the real knowledgebase in ./src/data/tools.yaml
- name: Rapid Incident Response Triage on macOS
icon: 📋
type: method
description: >-
Spezialisierte Methodik für die schnelle Incident Response auf
macOS-Systemen mit Fokus auf die Sammlung kritischer forensischer
Artefakte in unter einer Stunde. Adressiert die Lücke zwischen
Windows-zentrierten IR-Prozessen und macOS-spezifischen
Sicherheitsarchitekturen. Nutzt Tools wie Aftermath für effiziente
Datensammlung ohne zeitaufwändige Full-Disk-Images. Besonders wertvoll für
Unternehmensumgebungen mit gemischten Betriebssystem-Landschaften.
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- data-collection
- examination
platforms: []
related_concepts: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: >-
https://www.sans.org/white-papers/rapid-incident-response-on-macos-actionable-insights-under-hour/
projectUrl: null
license: null
knowledgebase: null
tags:
- macos
- rapid-response
- triage
- incident-response
- aftermath
- enterprise
- methodology
- apple
- name: Aftermath
icon: 📦
type: software
description: >-
Jamf's Open-Source-Tool für die schnelle Sammlung forensischer Artefakte
auf macOS-Systemen. Sammelt kritische Daten wie Prozessinformationen,
Netzwerkverbindungen, Dateisystem-Metadaten und Systemkonfigurationen ohne
Full-Disk-Imaging. Speziell entwickelt für die Rapid-Response-Triage in
Enterprise-Umgebungen mit macOS-Geräten. Normalisiert Zeitstempel und
erstellt durchsuchbare Ausgabeformate für effiziente Analyse.
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- data-collection
- examination
platforms:
- macOS
related_concepts: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: download
url: https://github.com/jamf/aftermath/
projectUrl: ''
license: Apache 2.0
knowledgebase: false
tags:
- macos
- incident-response
- triage
- artifact-collection
- rapid-response
- jamf
- enterprise
- commandline
- name: Regular Expressions (Regex)
icon: 🔤
type: concept
description: >-
Pattern matching language for searching, extracting, and manipulating
text. Essential for log analysis, malware signature creation, and data
extraction from unstructured sources. Forms the backbone of many forensic
tools and custom scripts.
domains:
- incident-response
- malware-analysis
- network-forensics
- fraud-investigation
phases:
- examination
- analysis
platforms: []
related_concepts: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: https://regexr.com/
projectUrl: null
license: null
knowledgebase: true
tags:
- pattern-matching
- text-processing
- log-analysis
- string-manipulation
- search-algorithms
- name: SQL Query Fundamentals
icon: 🗃️
type: concept
description: >-
Structured Query Language for database interrogation and analysis.
Critical for examining application databases, SQLite artifacts from
mobile devices, and browser history databases. Enables complex
correlation and filtering of large datasets.
domains:
- incident-response
- mobile-forensics
- fraud-investigation
- cloud-forensics
phases:
- examination
- analysis
platforms: []
related_concepts: null
domain-agnostic-software: null
skillLevel: intermediate
accessType: null
url: https://www.w3schools.com/sql/
projectUrl: null
license: null
knowledgebase: false
tags:
- database-analysis
- query-language
- data-correlation
- mobile-artifacts
- browser-forensics
- name: Hash Functions & Digital Signatures
icon: 🔐
type: concept
description: >-
Cryptographic principles for data integrity verification and
authentication. Fundamental for evidence preservation, malware
identification, and establishing chain of custody. Understanding of MD5,
SHA, and digital signature validation.
domains:
- incident-response
- static-investigations
- malware-analysis
- cloud-forensics
phases:
- data-collection
- examination
platforms: []
related_concepts: null
domain-agnostic-software: null
skillLevel: advanced
accessType: null
url: https://en.wikipedia.org/wiki/Cryptographic_hash_function
projectUrl: null
license: null
knowledgebase: false
tags:
- cryptography
- data-integrity
- evidence-preservation
- malware-identification
- chain-of-custody
domains:
- id: incident-response
name: Incident Response & Breach-Untersuchung
- id: static-investigations
name: Datenträgerforensik & Ermittlungen
- id: malware-analysis
name: Malware-Analyse & Reverse Engineering
- id: fraud-investigation
name: Betrugs- & Finanzkriminalität
- id: network-forensics
name: Netzwerk-Forensik & Traffic-Analyse
- id: mobile-forensics
name: Mobile Geräte & App-Forensik
- id: cloud-forensics
name: Cloud & Virtuelle Umgebungen
- id: ics-forensics
name: Industrielle Kontrollsysteme (ICS/SCADA)
phases:
- id: data-collection
name: Datensammlung
description: Imaging, Acquisition, Remote Collection Tools
- id: examination
name: Auswertung
description: Parsing, Extraction, Initial Analysis Tools
- id: analysis
name: Analyse
description: Deep Analysis, Correlation, Visualization Tools
- id: reporting
name: Bericht & Präsentation
description: >-
Documentation, Visualization, Presentation Tools (z.B. QGIS für Geodaten,
Timeline-Tools)
domain-agnostic-software:
- id: collaboration-general
name: Übergreifend & Kollaboration
description: Cross-cutting tools and collaboration platforms
- id: specific-os
name: Betriebssysteme
description: Operating Systems which focus on forensics
scenarios:
- id: registry
icon: 🗃️
friendly_name: "Registry-Analyse"
- id: memory-forensics
icon: 🧠
friendly_name: "Memory-Forensik"


@ -21,6 +21,7 @@ const ToolSchema = z.object({
accessType: z.string().optional().nullable(), accessType: z.string().optional().nullable(),
'domain-agnostic-software': z.array(z.string()).optional().nullable(), 'domain-agnostic-software': z.array(z.string()).optional().nullable(),
related_concepts: z.array(z.string()).optional().nullable().default([]), related_concepts: z.array(z.string()).optional().nullable().default([]),
related_software: z.array(z.string()).optional().nullable().default([]), // Added this line
}); });
const ToolsDataSchema = z.object({ const ToolsDataSchema = z.object({
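Review bot: The trailing `// Added this line` on the new `related_software` entry is change-history noise that the commit itself already records; drop it so the line reads like its neighbours. The field mirrors `related_concepts` (`optional().nullable().default([])`), which is consistent, but neither field checks that the listed names exist in the tool list — the UI silently renders an unlinked tag for an unknown name, so a `superRefine` on `ToolsDataSchema` that cross-checks these references against the tool names would surface typos at validation time instead of in the browser. `ToolsDataSchema` continues past the end of the hunk.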