Digital Forensics Artifact Collection Tools

Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and a symbolic deobfuscation engine that restores original code structure by renaming obfuscated identifiers. Beyond its graphical interface, Jadx offers a binary analysis library that allows developers to embed automated decompilation and source code extraction directly into custom security pipelines and software workflows. These capabilities enable detailed application security auditing and the investigation of mobile malware by tracing interactions across large, complex codebases. The platform includes extensive tooling for code navigation, such as cross-referencing class and method usage, jumping to declarations, and mapping dependencies within binary projects. To support the analysis of massive packages, it incorporates performance-oriented features like disk-backed caching, in-memory indexing, and configurable package exclusion to manage memory consumption and processing speed.

LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing. The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases. The project supports digital forensic analysis and security auditing by gathering recovered credentials and exporting them into structured text or JSON formats for external storage and analysis.

Win11Debloat is a command-line utility designed to automate the configuration, privacy hardening, and maintenance of Windows environments. It functions as a centralized tool for streamlining the operating system by removing pre-installed software, disabling telemetry and diagnostic tracking, and adjusting system settings to enhance performance and user privacy. The project distinguishes itself through its support for declarative configuration profiles and audit-mode provisioning, which allow administrators to define and enforce consistent system states across multiple machines. Users can interact with the tool through an intuitive terminal-based menu or utilize command-line arguments for automated, non-interactive deployments. It also provides granular control over interface elements, such as taskbar and start menu layouts, ensuring that environment adjustments can be standardized for individual user accounts or entire organizations. Beyond basic cleanup, the tool integrates registry-based management and transactional state restoration to ensure that modifications are applied safely. It includes built-in support for creating system restore points and registry backups, providing a mechanism to revert changes or reinstall previously removed components if necessary. The entire suite is powered by PowerShell scripts that interface directly with system APIs to manage application lifecycles and environment configurations.

radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary patching, malware analysis, and software vulnerability research. It features a plugin-based architecture to extend core functionality and an embedded scripting engine to automate analysis workflows.

This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference. The project is defined by a command-line-first design philosophy, prioritizing terminal-based utilities and scriptable interfaces to facilitate efficient system administration and repeatable security workflows. It distinguishes itself through a platform-agnostic approach, maintaining documentation and operational guides that remain applicable across diverse Unix-like and cloud-based environments. This modular toolchain integration allows users to compose custom environments tailored to specific administrative or security tasks. The repository covers a broad capability surface, including comprehensive toolkits for system auditing, network management, and infrastructure hardening. It provides structured learning paths for cybersecurity skill development, ranging from ethical hacking labs and penetration testing standards to vulnerability assessment and system configuration best practices. The collection also encompasses a wide array of productivity tools, diagnostic utilities, and educational materials designed to streamline routine maintenance and enhance overall security posture.

This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert problem-solving methodologies and writeups, enabling users to discover specialized toolchains and infrastructure configurations for both participating in and hosting competitive hacking events. Beyond its role as a directory, the project covers a broad capability surface including the deployment of isolated lab environments and the configuration of automated systems for security research. It provides access to frameworks for vulnerability analysis, credential testing, and the orchestration of simulated attack scenarios. The collection is maintained as an open-source resource, allowing for collaborative updates to ensure the relevance of its indexed tools and documentation.

LeakCanary is a diagnostic tool designed to identify memory leaks by monitoring object lifecycles and analyzing heap snapshots. It automatically detects objects that fail to be garbage collected after their expected lifespan, providing developers with actionable insights to prevent performance degradation and application crashes. The project distinguishes itself by offloading memory-intensive heap parsing to a separate background process, which minimizes performance impact on the main application during runtime. It includes sophisticated deobfuscation capabilities that map obfuscated stack traces back to original source code, and it supports granular control through reference filtering and custom inspection logic to suppress known false positives. Beyond core detection, the tool offers comprehensive configuration options for managing analysis thresholds, build-specific behaviors, and environment-specific monitoring. It provides both deep heap analysis for development environments and lightweight instance tracking for production builds, ensuring memory health can be monitored across the entire application lifecycle.

Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions. The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources. This project is implemented primarily as a shell-based application.

This project is a centralized management interface designed for the optimization, configuration, and maintenance of Windows desktop operating systems. It provides a comprehensive suite of tools for system debloating, automated software deployment, and deep-level performance tuning, allowing users to modify low-level settings that are otherwise inaccessible through standard interfaces. The platform distinguishes itself through its ability to create personalized, custom installation images, enabling users to remove unwanted components, bypass hardware checks, and pre-configure system defaults before deployment. It utilizes a declarative preset system that maps user-selected options to specific registry modifications and command sequences, ensuring consistent environments across multiple machines. Furthermore, the tool includes a state-reversion mechanism that tracks applied changes, providing a reliable way to undo specific tweaks and restore the system to a previous configuration state. Beyond core optimization, the project covers a broad range of administrative capabilities, including bulk software installation, network and DNS configuration, and the management of system update behaviors. It also integrates diagnostic utilities for system repair and recovery, helping to resolve common configuration errors, file corruption, and connectivity issues through automated scripts. The utility is built on a foundation of modular PowerShell scripts, providing a centralized command-line interface for orchestrating complex administrative tasks and standardizing system environments.

This project is a collection of batch-based automation tools designed for managing software licensing, system configuration, and deployment. It provides a comprehensive toolkit for authorizing operating systems and productivity suites through various methods, including digital licensing, volume activation, and key management service emulation. The toolkit distinguishes itself by offering specialized routines for both modern and legacy software environments. It employs advanced techniques such as hardware identity generation, dynamic memory hooking, and registry-level state manipulation to maintain persistent activation. Beyond licensing, the project includes utilities for retrieving official installation media, verifying file integrity via cryptographic checksums, and performing system repairs to resolve configuration or authorization errors. The software covers a broad range of administrative tasks, including automated deployment, unattended installation customization, and the restoration of licensing components. It also provides diagnostic features to verify current activation states and troubleshoot common configuration failures. The entire suite is implemented as a modular set of command-line scripts intended for local machine management and system maintenance.