LiatDalgo/Analyzer

GitHub: LiatDalgo/Analyzer

An automated forensics analysis tool for Windows systems. It integrates several open-source tools to batch-extract and analyze disk images and memory dumps, and generates a structured report.

Stars: 0 | Forks: 0

📖 Overview

Computer investigations depend on the ability to extract information efficiently. This project is an automated forensics tool designed to extract and analyze data from Windows memory dumps and HDD images. By using automation, the script reduces human error and speeds up the extraction of key evidence.

⚙️ Analysis workflow

1. Validation: the script ensures root privileges and verifies the target image path.
2. Environment prep: automated check and installation of forensics dependencies.
3. Data extraction: execution of carving engines (Foremost, Binwalk, Bulk Extractor) to recover files.
4. Memory triage: deep memory profile identification followed by process and network analysis using Volatility.
5. Packaging: final report generation and secure compression of all artifacts into a ZIP file.

🛠️ Tools used

- Languages: Bash scripting (automation).
- Forensics tools: Volatility, Bulk Extractor, Binwalk, Foremost, Strings.
- Platform: Linux-based forensics environment (Kali/Ubuntu).

🚀 How to run

```bash
# make the script executable
chmod +x win-forensics-analyzer.sh
# run the analyzer as root
sudo ./win-forensics-analyzer.sh
```
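The first two workflow steps (validation and environment prep) as POSIX shell functions, added here as an illustration; this is not the project's own script. Tool names are those listed above; the package names and the use of apt-get are assumptions matching a Kali/Ubuntu host.

```shell
#!/bin/sh
# Added example, not LiatDalgo/Analyzer's code: validation and
# environment-prep steps of the workflow described above.

# Step 1: carving tools and apt-get both need root.
require_root() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
}

# Step 1: the target image must exist, be a regular file and be readable.
check_image() {
    img="$1"
    [ -n "$img" ] || { echo "usage: check_image <image>" >&2; return 1; }
    [ -f "$img" ] || { echo "not a regular file: $img" >&2; return 1; }
    [ -r "$img" ] || { echo "not readable: $img" >&2; return 1; }
    return 0
}

# Step 2: print, one per line, the tools given in "$@" that are not on PATH.
missing_deps() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Step 2: install whatever carving tools are missing. Package names are an
# assumption (Kali/Ubuntu); 'strings' ships in binutils. Volatility is
# omitted because it is normally installed separately (e.g. via pip).
prepare_env() {
    missing=$(missing_deps foremost binwalk bulk_extractor strings)
    [ -z "$missing" ] && return 0
    echo "installing: $missing"
    pkgs=$(echo "$missing" | sed -e 's/^strings$/binutils/' \
                                 -e 's/^bulk_extractor$/bulk-extractor/')
    # shellcheck disable=SC2086  # word splitting on $pkgs is intended
    apt-get install -y $pkgs
}

main() {
    require_root || exit 1
    check_image "$1" || exit 1
    prepare_env || exit 1
    echo "validated $1; environment ready"
}

# Only run the pipeline when an image path is supplied on the command line.
if [ $# -gt 0 ]; then main "$@"; fi
```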
Tags: GhostArchive, HTTPS requests, JARM, Linux tools, Windows forensics, binary analysis, cloud security operations, memory analysis, library, incident response, application security, open-source forensics, digital forensics, digital investigation, data carving, data recovery, file carving, e-discovery forensics, hard disk analysis, port scanning, cybersecurity, automated forensics, automation scripts, evidence extraction, path enumeration, process analysis, privacy protection