Cookie Engineer's Forensics Tools

This is my mono repository containing my personal forensics tools that I need when I'm investigating an incident. They are something like a better bashrc, implemented in Go, without any kind of warranty to work at all.

The tools folder is separated by use-case. Each of the tools' root folder contains a README.md explaining the purpose of the forensics tools inside them. Make sure to read them carefully.

The toolchain folder contains one entry point:

• The build.go which builds all binaries and a separate install-forensics-tools program.

Tools / Features

• archive-pack packs any known archive files
• archive-unpack unpacks any known archive files
• crx-dl downloads Chromium extension files
• crx-extract extracts Chromium extension files
• dns-iscensored checks whether a domain is censored
• ffmpeg-to720p converts videos to x264 720p videos
• ffmpeg-to1080p converts videos to x264 1080p videos
• ffmpeg-tomp3 converts videos to mp3 files
• git-serve serves a local git server
• dyndns-goip updates goip.de DynDNS domains
• gs-totiff converts documents to tiff images
• http-serve serves a folder via HTTP
• memdump-keepass finds a KeePass(XC) password in memory dump files
• npm-dl downloads and extracts specific packages from the NPM registry
• reddit-archive downloads subreddits and threads
• sql-extract extracts a specific table from large SQL dump files
• sql-tables lists a table index of large SQL dump files
• torrent-magnetify adds default trackers to torrent magnet links
• totp-extract extracts OTP password seeds from screenshots or camera photos of QR codes
• yt-mp3 downloads streams as MP3 files
• yt-mp4 downloads streams as MP4 files
• yt-opus downloads streams as OPUS files
• zip-bruteforce bruteforces the password of a ZIP file
• zip-unmask unmasks ZIP files that have been XOR obfuscated

Building

The build.go script builds all tool binaries and a separate install-forensics-tools program that can be deployed to another machine and executed there to install all the contained binaries.

# Build all tools and the installer
cd /path/to/forensics-tools/toolchain;
go run build.go;

Alternatively, you can also simply use go install on any of the tools in an isolated capacity:

cd /path/to/forensics-tools;

cd /tools/npm;
go install ./cmds/npm-dl;

Installation

# Build the installer which contains all tool binaries
cd /path/to/forensics-tools/toolchain;
go run build.go;

# Install all binaries to /usr/local/bin
cd /path/to/forensics-tools/build;
export PREFIX="/usr/local"; sudo install-forensics-tools;

License

GPL3