Tools

The DFIR4vSphere PowerShell module collects logs and forensics artefacts on both ESXi hosts and the vCenter console.

The module has two main functions:

• Start-VC_Investigation: This function will collect all vSphere API calls registered on the vCenter, these logs are called VI events. You can also collect only events considered of interest. ESXi inventory, vCenter permissions and users report is also generated by the function. Optionally, a support bundle for the vCenter appliance can be generated.
• Start-ESXi_Investigation: Collects forensics data on a single or multiple ESXi hosts. Optionally, a support bundle for each hypervisor targeted can be generated.

DFIR4vSphere was first presented at the CoRI&IN 2022 (Conférence sur la réponse aux incidents et l’investigation numérique). Slides of the presentation, in french language, are available here.

Find duplicate records in output of Hash

Hashcmp can be used to compare the contents, line by line, of two files with similar records. When it finds records in one file that do not have a match in the other file, the program displays the mismatch on the screen. It is designed to display the differences in output files produced by the Maresware Hash program.

HK_Hash is a smaller version of Hash which is specially designed to calculate the 128 bit MD5 hash of a file(s) and create a comma delimeted output that is compatable with the hashkeeper requirements for a file which it to be loaded/imported into the hashkeeper data base.

Hash is designed to calculate a 32 bit CRC, 128 bit MD5 hash, 160 bit Secure Hash Algorithm (SHA1), or the SHA2  (256, 384 or 512 bit) of a file.

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile.

This is not a replacement for tools such as Rekall and Volatility which use a profile to perform a more structured analysis of memory.

Rip Raw works by taking a Raw Binary such as a Memory Dump and carves files and logs using:

• Text/binary boundaries

• File headers and file magic

• Log entries

Free tool for inspecting the contents of SQLite databases.

Browser History Viewer (BHV) is a forensic software tool for extracting and
viewing internet history from the main desktop web browsers.

Browser History Capturer allows you to easily capture web browser history from a Windows computer. The tool can be run from a USB dongle or via a Remote Desktop connection to capture history from Chrome, Edge, Firefox and Internet Explorer web browsers.

BHE is a forensic software tool for capturing, analysing and reporting internet history from the main desktop web browsers.

Leak.sx

breachchecker

Intelligence X

4iq

leak-lookup

leakcheck

nuclearleaks

weleakinfo

leakpeek

haveibeenpwned

snusbase

Have I Been Sold?

leakedsource

WikiLeaks

Joe Black Security

Black Kite

scatteredsecrets

dehashed

Cryptome

GlobaLeaks

Al Jazeera’s Investigative Unit

ghostproject

Have I Been Facebooked?

spycloud

raidforums

Have I Been Zucked?

leakhispano

Fasterbroadband

F-Secure Identity Theft Checker

Firefox Monitor

Amibreached

inoitsu

Password Checkup by Google

Pastebin

PasteLert

Annual Reports

Reporter Link

Gov.Uk

U.S. Securities and exchange commission

Sedar

Company registration around the world

Open corporates

crunchbase

Zoom info 

corporationwiki

Kompass

Infobel

Orbis directory

Manta

Canadian Company Capabilities

Canadian Importers Database

LittleSis

Companies House

EUROPAGES

Vault

Owler

The United Kingdom Limited Liability Company list

International White and Yellow Pages

Google finance

Google Advanced Patent Search Engine

European Patent Office

Israel Patent Office Database

Norwegian Industrial Property Office

Swedish Patent and Registration Office

Switzerland 

Taiwan Intellectual Property Office

Japan Patent Office

World Intellectual Property Organization (WIPO) 

State Intellectual Property Office (SIPO) of the People’s Republic of China

Australia Patent Search

Canadian Intellectual Property Office

Danish Patent and Trademark Office

Finnish Patent and Registration Office

France Patent Search

Germany Patent Office

UK Patent Search Engine

India Patent Office

stopfakes

Patent Lens

Directory of Intellectual Property Offices Worldwide

1stHeadlines

Google News Archive

Google Newspaper Archive

News Now

Newspaper Archives:Records.

All you can read

Newspapers Search

Findmypast

Daily Earth

Search U.S. Newspaper Directory, 1690-Present

Newspaper Map

World News

The paperboy

Newsography

Online Newspapers

YouGotTheNews

Library of Congress Newspapers directory  & 100 Years Ago Today

ahmia

Onion Search Engine

darksearch

Torch

Not Evil

Candle

The Uncensored Hidden Wiki

Parazite

TorLinks

gibiru

HayStack

TorDex

Shodan

Airport webcams

Insecam

Lookr

Earthcam

Openstreetcam

Opentopia

Pictimo

Thingful

Webcam.nl (NL)

Webcams.travel

Worldcam

censys

YouTube

Google video

Yahoo video search

Bing videos

AOL videos

StartPage video search

Veoh

Vimeo

360daily

Official Facebook video search

Crowd tangle (Facebook video search)

Internet archive open source movies

Live Leak

Facebook live video map

Meta Tube

Geo Search Tool

Earth Cam

Insecam