mstoeck3/forensic-pathways
2
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Activity

main #11

Merged
mstoeck3 merged 66 commits from main into forensic-ai 2025-08-11 12:02:56 +00:00
Conversation 0 Commits 66 Files Changed 54 +183878 -161247
2 changed files with 183878 additions and 161247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b8311e152d - Show all commits

344586
data/embeddings.json
View File

File diff suppressed because it is too large Load Diff

539
src/data/tools.yaml
View File

@ -6607,6 +6607,545 @@ tools:
icon: 📧 icon: 📧
license: LGPL-3.0 license: LGPL-3.0
accessType: download accessType: download
- name: Linux Netzwerk-Konfiguration Analyse
type: method
description: >-
Systematische Auswertung von /etc/network/interfaces (Debian/Ubuntu),
/etc/sysconfig/network (SUSE), /etc/NetworkManager (WLAN) für
Netzwerk-Timeline-Reconstruction. Static/Dynamic-IP-Analysis,
Gateway-Configuration, WLAN-SSID-History und Interface-Status-Tracking.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- network-forensics
phases:
- examination
- analysis
tags:
- network-configuration
- interface-analysis
- wlan-analysis
- ip-configuration
- gateway-analysis
related_concepts:
- Network Protocols & Packet Analysis
- name: Linux File Access Timestamp Analyse
type: method
description: >-
Dateizugriffs-Rekonstruktion durch stat, ls -l, date -r für
Access/Modify/Change-Time-Analysis. Filesystem-Metadaten-Extraction,
Touch-Command-Detection, Root-Manipulation-Identification. Correlation
mit System-Logs für vollständige File-Activity-Timeline.
url: https://cloud.cc24.dev/f/32342
skillLevel: beginner
domains:
- static-investigations
- incident-response
phases:
- examination
- analysis
tags:
- file-timestamps
- metadata-analysis
- access-time
- modification-time
- filesystem-analysis
related_concepts:
- File Systems & Storage Forensics
- Timeline Analysis & Event Correlation
- name: Linux Package Management Forensik
type: method
description: >-
APT/RPM-Paketmanager-Analyse für Software-Installation-Timeline und
Integrity-Verification. Repository-Source-Analysis, Package-History-
Reconstruction, Dependency-Tracking, Malicious-Package-Detection durch
Signature-Verification und Update-Pattern-Analysis.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- malware-analysis
phases:
- examination
- analysis
tags:
- package-analysis
- software-timeline
- installation-history
- dependency-tracking
- integrity-verification
related_concepts:
- Hash Functions & Digital Signatures
- Timeline Analysis & Event Correlation
- name: Linux Namespace Container-Forensik
type: method
description: >-
Container-Isolation-Analysis durch Mount-, UTS-, IPC-, PID-, Network-,
User-Namespace-Examination. Unshare-Command-Analysis, Process-Container-
Mapping, Resource-Limitation-Detection via /sys/fs/cgroup für
Container-Escape-Investigation und Privilege-Escalation-Detection.
url: https://cloud.cc24.dev/f/32342
skillLevel: expert
domains:
- incident-response
- malware-analysis
phases:
- examination
- analysis
tags:
- container-analysis
- namespace-isolation
- privilege-escalation
- process-isolation
- container-escape
- cgroup-analysis
related_concepts:
- Memory Forensics & Process Analysis
- name: Docker Container Forensische Analyse
type: method
description: >-
Docker-Image/Container-Layer-Analysis für Containerized-Application-
Forensics. Dockerfile-Reconstruction, Image-History-Analysis,
Container-Runtime-Investigation, Volume-Mount-Analysis und
Network-Bridge-Examination für Container-Security-Incident-Response.
url: https://cloud.cc24.dev/f/32342
skillLevel: advanced
domains:
- incident-response
- cloud-forensics
- malware-analysis
phases:
- examination
- analysis
tags:
- container-forensics
- docker-analysis
- image-analysis
- layer-analysis
- volume-analysis
- containerized-malware
related_concepts:
- Memory Forensics & Process Analysis
related_software:
- Docker Explorer
- name: Linux System Monitoring Forensik
type: method
description: >-
Live-System-Überwachung durch ps, top, htop für Process-Analysis und
Malware-Detection. SHA256-Hash-Verification von System-Binaries,
Update-Status-Verification, Hidden-Process-Detection und
Resource-Usage-Anomaly-Analysis für APT-Investigation.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- malware-analysis
phases:
- examination
- analysis
tags:
- process-monitoring
- hash-verification
- malware-detection
- system-integrity
- anomaly-detection
- apt-investigation
related_concepts:
- Hash Functions & Digital Signatures
- Memory Forensics & Process Analysis
related_software:
- hashdeep
- md5sum / sha256sum
- name: DNS Filtering Analysis (Linux)
type: method
description: >-
/etc/hosts-File-Analysis für DNS-Manipulation-Detection und
Domain-Blocking-Investigation. Static-DNS-Entry-Analysis,
Malware-DNS-Hijacking-Detection, Sinkhole-Configuration-Analysis für
Network-Traffic-Redirection-Investigation und Anti-Malware-Verification.
url: https://cloud.cc24.dev/f/32342
skillLevel: beginner
domains:
- incident-response
- network-forensics
- malware-analysis
phases:
- examination
- analysis
tags:
- dns-analysis
- hosts-file
- domain-blocking
- dns-hijacking
- traffic-redirection
- sinkhole-analysis
related_concepts:
- Network Protocols & Packet Analysis
- name: Linux Route Filtering Forensik
type: method
description: >-
Routing-Table-Analysis durch route-Command für Network-Traffic-Flow-
Investigation. Static-Route-Configuration-Analysis, Gateway-Manipulation-
Detection, Traffic-Filtering-Verification für Network-Isolation-Analysis
und Lateral-Movement-Investigation.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- network-forensics
phases:
- examination
- analysis
tags:
- routing-analysis
- traffic-filtering
- gateway-analysis
- network-isolation
- lateral-movement
- route-manipulation
related_concepts:
- Network Protocols & Packet Analysis
- name: GnuPG Verschlüsselungs-Forensik
type: method
description: >-
OpenPGP-Encryption-Analysis für verschlüsselte Kommunikation und
File-Protection-Investigation. Public/Private-Key-Analysis,
Signature-Verification, Encrypted-Message-Recovery-Techniques und
Key-Ring-Analysis für Cryptographic-Evidence-Processing.
url: https://cloud.cc24.dev/f/32342
skillLevel: advanced
domains:
- static-investigations
- incident-response
phases:
- examination
- analysis
tags:
- encryption-analysis
- pgp-analysis
- key-analysis
- signature-verification
- encrypted-communications
- cryptographic-evidence
related_concepts:
- Hash Functions & Digital Signatures
- name: X.509 Certificate Analysis
type: method
description: >-
SSL/TLS-Certificate-Forensik für HTTPS-Communication-Analysis und
PKI-Investigation. Certificate-Chain-Verification, CA-Trust-Analysis,
Certificate-Metadata-Extraction, Expired/Revoked-Certificate-Detection
für Network-Security-Incident-Analysis.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- network-forensics
phases:
- examination
- analysis
tags:
- certificate-analysis
- ssl-tls-analysis
- pki-analysis
- trust-verification
- network-security
- https-analysis
related_concepts:
- Hash Functions & Digital Signatures
- Network Protocols & Packet Analysis
- name: USB Device Forensic Analysis (Linux)
type: method
description: >-
USB-Hardware-Forensik durch usbauth-Framework für Device-Access-Control-
Analysis. USB-Device-History-Reconstruction, Vendor/Product-ID-Analysis,
Port-Binding-Investigation und Device-Type-Classification für
Hardware-Based-Attack-Investigation und Data-Exfiltration-Analysis.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- static-investigations
phases:
- examination
- analysis
tags:
- usb-forensics
- hardware-analysis
- device-history
- access-control
- data-exfiltration
- hardware-attacks
related_concepts:
- Timeline Analysis & Event Correlation
- name: Linux Live-Boot Forensik-Umgebung
type: method
description: >-
Kontaminationsfreie Systemuntersuchung durch Boot von USB/DVD ohne
Festplatten-Zugriff. Forensics-Mode deaktiviert automatisches Mounting
und Netzwerk-Services. Ermöglicht saubere Evidence-Akquisition ohne
Host-System-Veränderungen. Alle Änderungen sind nach Ausschalten gelöscht.
url: https://cloud.cc24.dev/f/32342
skillLevel: beginner
domains:
- incident-response
- static-investigations
phases:
- data-collection
- examination
tags:
- live-acquisition
- write-blocker
- contamination-prevention
- forensic-imaging
- read-only-access
related_concepts:
- Digital Evidence Chain of Custody
related_software:
- Kali Linux
- SIFT Workstation
- CAINE
- name: Linux Festplatten-Partitionierung
type: method
description: >-
Systematische Datenträger-Aufteilung mit fdisk (MBR) oder gdisk (GPT) für
forensische Imaging-Workflows. Unterstützt DOS-, GPT-, SGI- und
Sun-Partitionierungen. Kombiniert mit mkfs für Dateisystem-Erstellung.
Essentiell für Evidence-Storage und Analyse-Partitionen.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- static-investigations
phases:
- data-collection
- examination
tags:
- disk-partitioning
- gpt-analysis
- mbr-analysis
- filesystem-creation
- evidence-storage
related_concepts:
- File Systems & Storage Forensics
- Digital Evidence Chain of Custody
related_software:
- dd
- FTK Imager
- name: Linux Benutzer- und Rechteverwaltung
type: method
description: >-
Systematische Analyse von /etc/passwd, /etc/shadow und /etc/group für
User-Activity-Reconstruction. Zahlencodierung (chmod 755) und
Symbolic-Notation (rwxr-xr-x) für Dateiberechtigungen. Includes setuid,
setgid und sticky-bit Analyse für Privilege-Escalation-Detection.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- examination
- analysis
tags:
- user-analysis
- permission-analysis
- privilege-escalation
- system-metadata
- access-control
related_concepts:
- File Systems & Storage Forensics
- Timeline Analysis & Event Correlation
related_software:
- grep
- strings
- name: Linux Log-Analyse Methodik
type: method
description: >-
Strukturierte Auswertung von /var/log/* für
Incident-Timeline-Reconstruction. Unix-Time-Konvertierung,
Kernel-Ring-Buffer-Analyse mit dmesg, Authentication-Logs in
auth.log/secure. Korrelation zwischen System-, Kernel- und
Application-Logs für vollständige Event-Sequencing.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- static-investigations
- network-forensics
phases:
- examination
- analysis
tags:
- log-analysis
- timeline-analysis
- unix-time
- kernel-analysis
- authentication-logs
- syslog-analysis
related_concepts:
- Timeline Analysis & Event Correlation
related_software:
- grep
- Plaso (log2timeline)
- name: Linux Shell-Historie Forensik
type: method
description: >-
Bash-History-Analyse aus ~/.bash_history für Command-Execution-Timeline.
Erkennung von Anti-Forensik-Techniken: geleerte History, Softlinks auf
/dev/null, manipulierte Timestamps. Korrelation mit Login-Logs für
vollständige User-Activity-Reconstruction ohne Zeitstempel.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- examination
- analysis
tags:
- command-history
- user-activity
- anti-forensics-detection
- bash-analysis
- timeline-reconstruction
- indicator-of-compromise
related_concepts:
- Timeline Analysis & Event Correlation
related_software:
- grep
- strings
- name: Git Repository Forensik
type: method
description: >-
Versionskontroll-System-Analyse für Source-Code-Forensik und
Entwickler-Activity-Tracking. Branch-Timeline-Reconstruction,
Commit-Hash-Verifizierung, Merge-Conflict-Analysis. Collaborative-
Workflow-Investigation über Remote-Repositories und Pull-Requests.
url: https://cloud.cc24.dev/f/32342
skillLevel: advanced
domains:
- incident-response
- static-investigations
- malware-analysis
phases:
- examination
- analysis
tags:
- version-control
- source-code-analysis
- developer-tracking
- commit-analysis
- collaboration-forensics
- hash-verification
related_concepts:
- Hash Functions & Digital Signatures
- Timeline Analysis & Event Correlation
related_software:
- Gitea
- name: iptables Firewall-Forensik
type: method
description: >-
Netzwerk-Traffic-Filtering-Analysis durch iptables-Rules-Reconstruction.
INPUT/OUTPUT/FORWARD-Chain-Analysis, ACCEPT/DROP/REJECT-Actions,
Port-based und IP-based Filtering. Regel-Persistence-Verification und
Anti-Evasion-Configuration für Incident-Response.
url: https://cloud.cc24.dev/f/32342
skillLevel: advanced
domains:
- incident-response
- network-forensics
phases:
- examination
- analysis
tags:
- firewall-analysis
- network-filtering
- traffic-analysis
- rule-analysis
- packet-filtering
- network-security
related_concepts:
- Network Protocols & Packet Analysis
- name: LUKS Disk-Encryption Analysis
type: method
description: >-
Linux Unified Key Setup Verschlüsselungs-Forensik für encrypted
Partitions und Container. Cryptsetup-based Key-Slot-Analysis,
Metadata-Header-Examination, Passphrase-Recovery-Techniques. Integration
mit Filesystem-Mounting für decrypted Evidence-Access.
url: https://cloud.cc24.dev/f/32342
skillLevel: expert
domains:
- static-investigations
- incident-response
phases:
- examination
- analysis
tags:
- disk-encryption
- key-analysis
- encrypted-storage
- partition-analysis
- cryptographic-analysis
- access-recovery
related_concepts:
- Hash Functions & Digital Signatures
- File Systems & Storage Forensics
- name: Linux Secure File Deletion Verification
type: method
description: >-
Forensische Verifikation sicherer Löschvorgänge durch Overwrite-Pattern-
Analysis. Unterscheidung zwischen rm (Filesystem-Entry-Deletion) und
shred (Multi-Pass-Overwriting). Recovery-Verification und Anti-Forensik-
Detection bei unvollständigen Secure-Wipe-Operationen.
url: https://cloud.cc24.dev/f/32342
skillLevel: intermediate
domains:
- static-investigations
- incident-response
phases:
- examination
- analysis
tags:
- secure-deletion
- data-recovery
- overwrite-analysis
- anti-forensics
- file-system-analysis
- data-sanitization
related_concepts:
- File Systems & Storage Forensics
related_software:
- PhotoRec
- dd
- name: Linux Process Memory Analysis
type: method
description: >-
Live-System-Speicher-Untersuchung durch /proc-Filesystem-Analysis.
Process-State-Examination, Memory-Maps-Analysis, Open-Files-Detection via
/proc/PID/. Kernel-Module-Verification und Hidden-Process-Detection für
Rootkit-Analysis ohne Memory-Dump-Tools.
url: https://cloud.cc24.dev/f/32342
skillLevel: advanced
domains:
- incident-response
- malware-analysis
phases:
- examination
- analysis
tags:
- process-analysis
- memory-analysis
- proc-filesystem
- rootkit-detection
- live-analysis
- kernel-analysis
related_concepts:
- Memory Forensics & Process Analysis
domains: domains:
- id: incident-response - id: incident-response
name: Incident Response & Breach-Untersuchung name: Incident Response & Breach-Untersuchung