Forensics

File Scanning Frameworks for Malware Analysis and Incident Response

This article presents several new open source frameworks meant to simplify static file scanning for malware analysis and incident response: MASTIFF, Viper, IRMA and a few others. Their goal is to provide an extensible framework to integrate many existing scanning tools.

pyxswf - a python tool to extract SWF (Flash) objects from documents (improved xxxswf)

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.

rtfobj - a python tool to extract embedded objects from RTF files

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package. 

oleid - a python tool to quickly analyze OLE files

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package. 

olebrowse - a simple python GUI to browse OLE files and extract streams

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.

Syndicate content