Doug Metz
@dwmetz.bsky.social
180 followers
260 following
80 posts
#DFIR @ Magnet Forensics
Blog ✍️ @ BakerStreetForensics.com
Opinions are my own and are subject to change.
Reposted by Doug Metz
George Takei
@georgetakei.bsky.social
· Aug 30
Sign Petition: Stop Masked Immigration Raids. This Is Not How a Democracy Operates.
These agents are using masks to shield themselves from accountability for their willingness to participate in dangerous overreach. (51529 signatures on petition)
www.thepetitionsite.com
Doug Metz
@dwmetz.bsky.social
· Aug 27
Is your USB device slowing down your forensic investigation?
In digital forensics, reliable storage is essential for effective workflows. Crabwise, a USB benchmarking utility, addresses performance variability by calculating read and write speeds under direct conditions, bypassing caching. It logs results for easy comparison, allowing users to optimize connections. This tool ensures informed decisions on hardware setups, improving efficiency and consistency in forensics tasks.
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· Aug 2
Enhance Threat Hunting with MITRE Lookup in MalChela 3.0.2
The recent update of MalChela 3.0.2 introduces MITRE Lookup, a tool that allows forensic investigators to search the MITRE ATT&CK framework offline. This feature enhances investigation speed by supporting keyword and Technique ID searches while providing tactic categories and detection guidance. Users can save results directly for future reference, enhancing analysis efficiency.
bakerstreetforensics.com
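The offline ATT&CK search the post describes, written out as an added Python example (this is not MalChela's own code). It indexes a STIX 2.1 bundle in the shape MITRE publishes as enterprise-attack.json (attack-pattern objects carrying external_references with the technique ID, kill_chain_phases for the tactics, and x_mitre_detection for guidance), accepts either a Technique ID or a free-text keyword, and skips revoked or deprecated entries. The bundle embedded below is a constructed four-object stand-in with paraphrased text; point load_techniques at the real downloaded file to use it against the full framework.

```python
"""Offline MITRE ATT&CK lookup over a STIX bundle (added example, not MalChela code)."""
import json
import re
from typing import Dict, List

# Constructed mini-bundle mirroring the structure of MITRE's enterprise-attack.json.
# Descriptions and detection text are paraphrased placeholders, not the real entries.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--example",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--aaaa",
         "name": "Command and Scripting Interpreter",
         "description": "Adversaries may abuse command and script interpreters to execute commands.",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059",
                                  "url": "https://attack.mitre.org/techniques/T1059"}],
         "x_mitre_detection": "Monitor command-line arguments and script execution."},
        {"type": "attack-pattern", "id": "attack-pattern--bbbb",
         "name": "PowerShell",
         "description": "Adversaries may abuse PowerShell commands and scripts for execution.",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001",
                                  "url": "https://attack.mitre.org/techniques/T1059/001"}],
         "x_mitre_detection": "Enable script block logging and review Event ID 4104."},
        {"type": "attack-pattern", "id": "attack-pattern--cccc",
         "name": "Scheduled Task",
         "description": "Adversaries may abuse the Windows Task Scheduler for persistence.",
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1053.005",
                                  "url": "https://attack.mitre.org/techniques/T1053/005"}],
         "x_mitre_detection": "Monitor task creation and the Tasks registry keys."},
        # Revoked entry: real bundles keep these, and a lookup must skip them.
        {"type": "attack-pattern", "id": "attack-pattern--dddd", "name": "Old PowerShell Entry",
         "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}]},
        # Non-technique object, present in real bundles and ignored here.
        {"type": "relationship", "id": "relationship--x", "relationship_type": "uses"},
    ],
})

TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$", re.IGNORECASE)


def load_techniques(bundle_json: str) -> Dict[str, dict]:
    """Index attack-pattern objects by ATT&CK ID, skipping revoked/deprecated ones."""
    techniques: Dict[str, dict] = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if not ext_id:
            continue
        techniques[ext_id.upper()] = {
            "id": ext_id.upper(),
            "name": obj.get("name", ""),
            "tactics": [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                        if p.get("kill_chain_name") == "mitre-attack"],
            "description": obj.get("description", ""),
            "detection": obj.get("x_mitre_detection", ""),
        }
    return techniques


def lookup(techniques: Dict[str, dict], query: str) -> List[dict]:
    """A Technique ID gives an exact match; anything else is a case-insensitive keyword search."""
    q = query.strip()
    if TECHNIQUE_ID.match(q):
        hit = techniques.get(q.upper())
        return [hit] if hit else []
    needle = q.lower()
    return sorted((t for t in techniques.values()
                   if needle in t["name"].lower() or needle in t["description"].lower()),
                  key=lambda t: t["id"])


def format_hit(t: dict) -> str:
    """One analyst-readable line per hit, with tactics and detection guidance."""
    return f"{t['id']} {t['name']} [{', '.join(t['tactics'])}]\n  Detection: {t['detection']}"


if __name__ == "__main__":
    db = load_techniques(SAMPLE_BUNDLE)
    for q in ("T1059.001", "powershell", "task"):
        print(f"== {q} ==")
        for hit in lookup(db, q):
            print(format_hit(hit))
```

Keeping the lookup keyed on the mitre-attack external_id rather than the STIX object id is what makes sub-techniques (T1059.001) and their parents (T1059) addressable the way analysts write them in reports.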
Doug Metz
@dwmetz.bsky.social
· Jul 29
Toby-Find: Simplifying Command-Line Forensics Tools
Toby-Find is a terminal-based tool designed for digital forensics, providing users with an easy way to discover command-line tools available in Kali and REMnux. Initially created for a university course, it allows quick searches for tools, descriptions, and examples, enhancing usability in forensic analysis without memorization or manual searching.
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· Jul 28
Sharper Strings and Smarter Signals: MalChela 3.0.1
🎯 MalChela v3.0.1 is live
Sharper strings. Smarter signals.
This update tightens forensic detection across the board:
• ✅ Improved mstrings output and MITRE mappings
• 🔎 Built-in MITRE technique lookup (GUI)
• 📁 FileMiner gets “select all” + subtool optimizations
• 🧠 Smarter regex, better signal-to-noise for analysts
• 🦀 Compiled & tuned for --release performance
Still a one-crab shop, but contributions welcome.
👉 🧰 Docs:
#DFIR #MalwareAnalysis
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· Jul 20
Portable Forensics with Toby: A Raspberry Pi Toolkit
Toby is a compact, portable forensics toolkit built on a Raspberry Pi Zero 2 W, designed for ease of use in field analysis and malware triage. It operates headlessly via SSH or VNC, supports variou…
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· Jun 21
MalChela v3.0: Case Management, FileMiner, and Smarter Triage
MalChela v3.0 enhances investigative workflows by introducing cases for organization, replacing MismatchMiner with FileMiner for improved file analysis, and suggesting tools based on file characteristics, streamlining the analysis process. #MalChela #DFIR #MalwareAnalysis
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· May 26
Hashes for the Masses: Finding What Matters in a Sea of Samples
A short while back, I released a pair of tools for building MD5 hash sets — one targeting known-good gold builds, the other designed for scanning malware corpora. The goal was simple: generate hash sets that could be used in forensics tools like Axiom Cyber to flag IOC matches during case processing. Recently, I hit a familiar problem: I had a hash and wanted to know if that file existed in my malware library.
bakerstreetforensics.com
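The two steps the post describes, building an MD5 hash set from a sample corpus and then asking whether a given hash is in it, as an added Python example (this is not the author's tool). It walks a directory once, records MD5 (what hash-set imports in forensic suites typically expect) alongside SHA-256 (the collision-resistant companion, my addition), writes a plain CSV, and answers lookups by either hash in any case. The sample library is constructed in a temp directory inside the block; the file contents and names are placeholders, not real malware.

```python
"""Build an MD5/SHA-256 hash set from a sample directory and query it (added example)."""
import csv
import hashlib
import io
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat on large samples


def file_hashes(path: Path) -> Tuple[str, str]:
    """MD5 and SHA-256 of one file, computed in a single pass over the bytes."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def build_hash_set(root: Path) -> Dict[str, dict]:
    """Index every regular file under root by MD5; symlinks are skipped, duplicates share a record."""
    hashset: Dict[str, dict] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            md5, sha256 = file_hashes(p)
            rec = hashset.setdefault(md5, {"sha256": sha256, "size": p.stat().st_size, "paths": []})
            rec["paths"].append(p.relative_to(root).as_posix())
    return hashset


def to_csv(hashset: Dict[str, dict]) -> str:
    """md5,sha256,size,path rows (one per file) for import into a forensic tool."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["md5", "sha256", "size", "path"])
    for md5, rec in sorted(hashset.items()):
        for p in rec["paths"]:
            w.writerow([md5, rec["sha256"], rec["size"], p])
    return out.getvalue()


def find_hash(hashset: Dict[str, dict], query: str) -> Optional[dict]:
    """Look up a hash by MD5 or SHA-256, tolerating upper case and surrounding whitespace."""
    q = query.strip().lower()
    if len(q) == 32:
        return hashset.get(q)
    if len(q) == 64:
        return next((rec for rec in hashset.values() if rec["sha256"] == q), None)
    raise ValueError("expected a 32-hex MD5 or a 64-hex SHA-256")


def demo() -> Dict[str, dict]:
    """Constructed sample library: three placeholder files, two of them byte-identical."""
    root = Path(tempfile.mkdtemp(prefix="samples_"))
    (root / "family_a").mkdir()
    (root / "family_a" / "dropper.bin").write_bytes(b"MZ" + b"\x90" * 512)
    (root / "family_a" / "dropper_copy.bin").write_bytes(b"MZ" + b"\x90" * 512)
    (root / "loader.ps1").write_bytes(b"Write-Host 'placeholder loader'\n")
    return build_hash_set(root)


if __name__ == "__main__":
    hs = demo()
    print(to_csv(hs))
    some_md5 = next(iter(hs))
    print("lookup", some_md5, "->", find_hash(hs, some_md5.upper()))
```

Grouping duplicate files under one record is deliberate: in a malware library the same sample often arrives under several names, and a hit should tell you every path it lives at, not just the first one the walk happened to reach.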
Doug Metz
@dwmetz.bsky.social
· May 21
MalChela 2.2 “REMnux” Release
MalChela’s 2.2 update is packed with practical and platform-friendly improvements. It includes native support for REMnux, better tool settings, and deeper integrations with analysis tools like YARA-X, Tshark, Volatility3, and the newly improved fileanalyzer module.
🦀 REMnux Edition: Built-In Support, Zero Tweaks
When the GUI loads a REMnux-specific tools.yaml profile, it enters REMnux mode.
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· May 8
CyberPipe v5.1 – Streamlined Profiles, Better Flexibility
CyberPipe v5.1 is out with a few targeted improvements to make live response a bit smoother. What’s New: Collection profiles can now be passed directly as arguments using -CollectionProfile. No nee…
bakerstreetforensics.com
Doug Metz
@dwmetz.bsky.social
· May 2
MalChela v2.1 Released: Smoother Workflows, Easier Tool Integration
🚀 MalChela v2.1 is now live!
This update focuses on smoother workflows, better third-party tool integration, and more control for forensic analysts and malware researchers.
🔹 Quickly re-run tools with different arguments — no need to rebuild commands
🔹 Easily integrate external binaries or scripts via tools.yaml
🔹 Save clean, consistent reports — even from tools that don’t natively generate output
🔹 Switch between tools without losing context
Whether you’re parsing suspicious PDFs, analyzing YARA matches, or chaining tools together during triage, MalChela aims to keep things practical and fast.
🛠️ Full release notes & downloads: 👉
📘 User guide: 👉
Thanks to everyone who’s tested, suggested improvements, or contributed ideas — this community is what keeps it going.
#dfir #malwareanalysis #rustlang #yara #digitalforensics #opensource #threatintel #malchela
bakerstreetforensics.com