CATEGORY

Software/Code

Generate an Unlimited Amount of VeraCrypt Containers

The major goal of this software is to frustrate a digital forensics examination by overwhelming an investigator with encrypted containers.

LSB Steganography with Encryption in Python using PNG Files

This software implements LSB Steganography, as described and demonstrated in the link above, and adds message encryption. This way a user can encrypt their hidden message using Fernet with a passphrase.

LSB (Least Significant Bit) Steganography in Python using PNG Files

Using LSB Steganography in Python to hide a message in a PNG. Input and extract hidden messages using Least Significant Bit Steganography.

Steganography by File Appending – Hiding a zip File in a jpg

Appending a ZIP file to the end of a JPG image is a straightforward process because the JPEG format's structure allows the image to remain valid and viewable in image viewers, while the ZIP file remains accessible with archive managers.

Reading the Notepad Tab Cache

This software will gather notepad.exe tab cache data and print it to standard output in JSON format. Notepad keeps a cache of open tabs, meaning it remembers which files or documents you have open in the editor even if you close Notepad and reopen it later.

Disabling UserAssist in Registry

UserAssist registry forensics is a method used to investigate the activity of users on a Windows operating system.

Simple C# Timestomp

SharpTimestomp.exe is a simple proof-of-concept timestomp application that modifies date/time values for the file indicated in the arguments.

SimpleWiper Suite – Wiping Files With C#

The SimpleWiper suite of tools includes a SimpleFileWiper application. This application will calculate the size of the file to be deleted. It will then overwrite the file with random data.

C# – Kill Process (FTK Imager)

Simple C# application demonstrating how to kill running processes, in this case the Digital Forensics software.

sprung – Reboot Operating System (Linux) When a Thumbdrive is Removed

sprung is a simple script that scans for a device ID and the serial number for a particular device. If the device is removed or malfunctions so that either the device ID or the serial number changes or becomes unreadable, a forced system reset occurs using a Magic SysRq Key routine.
