NullSec forensics security toolkit - discord.gg/killers

bad-antics/nullsec-forensics

🔬 NullSec Forensics

Advanced Digital Forensics & Incident Response Toolkit

    ███▄    █  █    ██  ██▓     ██▓      ██████ ▓█████  ▄████▄  
    ██ ▀█   █  ██  ▓██▒▓██▒    ▓██▒    ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  
   ▓██  ▀█ ██▒▓██  ▒██░▒██░    ▒██░    ░ ▓██▄   ▒███   ▒▓█    ▄ 
   ▓██▒  ▐▌██▒▓▓█  ░██░▒██░    ▒██░      ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒
   ▒██░   ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
   ░ ▒░   ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓  ░░ ▒░▓  ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░
     ░    ░    ░   ░   ░         ░            ░   ░   ░        
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   █░░░░░░░░░░░░░░ F O R E N S I C S ░░░░░░░░░░░░░░░░░░░░░░░░░█
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                       bad-antics

🔓 Join discord.gg/killers for premium features!


🎯 Features

Tool Language Description Free Premium
memhunter Rust Memory analysis & extraction 🔥
filecarve Zig High-speed file recovery 🔥
timeliner Rust Forensic timeline generator 🔥
hasher Rust Recursive hash verification 🔥
peanalyze Python PE/ELF malware triage 🔥
regparse Rust Windows registry parser 🔥

📁 Structure

nullsec-forensics/
├── rust/
│   ├── memhunter/       # Memory forensics
│   ├── timeliner/       # Timeline generation
│   ├── hasher/          # File hashing
│   └── regparse/        # Registry parsing
├── zig/
│   ├── filecarve/       # File carving
│   └── diskimage/       # Disk imaging
├── python/
│   ├── peanalyze.py     # PE analysis
│   ├── elfparse.py      # ELF analysis
│   ├── yara_scan.py     # YARA scanning
│   └── strings_plus.py  # Enhanced strings
└── scripts/
    ├── acquire.sh       # Evidence acquisition
    └── report.py        # Report generation

🔧 Tool Details

memhunter (Rust) - Memory Forensics

Features:

  • Process memory dumping
  • String extraction with encoding detection
  • Pattern/regex searching
  • Credential extraction (LSASS, browsers)
  • Rootkit detection signatures

# Dump process memory
sudo ./memhunter -p 1234 -o dump.bin

# Search for patterns
./memhunter -i dump.bin -s "password" --context 50

# Extract strings
./memhunter -i dump.bin --strings -e utf16 -o strings.txt

# Hunt for credentials
sudo ./memhunter --creds -o credentials.json

filecarve (Zig) - File Recovery

Supported formats:

  • Images: JPEG, PNG, GIF, BMP, TIFF
  • Documents: PDF, DOCX, XLSX, PPTX
  • Archives: ZIP, RAR, 7Z, TAR
  • Media: MP3, MP4, AVI, MKV
  • Databases: SQLite, MySQL dumps

# Carve from disk image
./filecarve -i disk.dd -o recovered/ --all

# Specific file types
./filecarve -i disk.dd -o recovered/ -t jpeg,pdf,docx

# Raw device (requires root)
sudo ./filecarve -i /dev/sda -o recovered/ -t all

🚀 Quick Start

# Memory acquisition
sudo ./memhunter --acquire -o memory.raw

# Analyze memory dump
./memhunter -i memory.raw --processes
./memhunter -i memory.raw --network
./memhunter -i memory.raw --strings -o strings.txt

# File carving
./filecarve -i evidence.dd -o recovered/

# Generate timeline
./timeliner -i evidence.dd -o timeline.csv

# Hash verification
./hasher -d /evidence -a sha256 -o hashes.txt
./hasher --verify hashes.txt
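
What the generate-then-verify step at the end of the Quick Start establishes for chain of custody, as an added Python example; it is not the hasher tool's code and not part of this repository. The sha256sum-style manifest line format and all function names are assumptions, and the evidence files are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large images never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def write_manifest(manifest, out_path):
    # Assumed line format, as sha256sum emits: "<hex digest>  <relative path>"
    lines = (f"{digest}  {rel}\n" for rel, digest in sorted(manifest.items()))
    Path(out_path).write_text("".join(lines), encoding="utf-8")

def verify_manifest(root, manifest_path):
    """Return (modified, missing, unexpected) lists of relative paths."""
    text = Path(manifest_path).read_text(encoding="utf-8")
    recorded = {rel: digest for digest, rel in
                (line.split("  ", 1) for line in text.splitlines())}
    current = build_manifest(root)
    modified = sorted(p for p in recorded if p in current and current[p] != recorded[p])
    missing = sorted(set(recorded) - set(current))
    unexpected = sorted(set(current) - set(recorded))
    return modified, missing, unexpected

def demo():
    """Constructed evidence tree: hash it, alter it, verify again."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work, "evidence")
        (root / "logs").mkdir(parents=True)
        (root / "disk.bin").write_bytes(b"\0" * 4096)
        (root / "logs" / "auth.log").write_bytes(b"login ok\n")
        manifest = Path(work, "hashes.txt")  # kept outside the hashed tree
        write_manifest(build_manifest(root), manifest)
        clean = verify_manifest(root, manifest)
        (root / "logs" / "auth.log").write_bytes(b"login ok\nextra\n")  # altered
        (root / "disk.bin").unlink()                                    # removed
        (root / "carved.jpg").write_bytes(b"\xff\xd8\xff\xd9")          # added
        return clean, verify_manifest(root, manifest)
```

Storing the manifest outside the hashed directory keeps it from appearing as an unexpected file on verification; reporting missing and unexpected files separately from modified ones shows whether evidence was altered, removed, or added after acquisition.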

⚠️ Legal Disclaimer

For authorized forensic investigations only. Follow proper chain of custody procedures.


NullSec Framework | GitHub | Discord
