Forensia – Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
Anti Forensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase.
Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams.
Capabilities
- Unloading Sysmon Driver.
- Gutmann Method File Shredding.
- USNJrnl Disabler.
- Prefetch Disabler.
- Log Eraser and Event log Disabler.
- User Assist Update Time Disabler.
- Access Time Disabler.
- Clear Recent Items
- Clear Shim Cache
- Clear RecentFileCache
- Clear ShellBag
- Delete Windows Defender Quarantine Files
- File Melting Capabilities.
Important Update
Added:
- Clear Recent Items
- Clear Shim Cache
- Clear RecentFileCache
- Clear ShellBag
- Clear Quanatine Files
TODO
-
USNJRnl Execution On All Disk Drives.
-
Unallocated Space ReWriting.
-
A Bit of Polishing.
Credits
https://github.com/Naranbataar/Corrupt
https://github.com/LloydLabs/delete-self-poc
https://github.com/OsandaMalith/WindowsInternals/blob/master/Unload_Minifilter.c
https://stackoverflow.com/users/15168/jonathan-leffler
https://github.com/GiovanniDicanio/WinReg
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
