The uploaded file is read from PHP temp storage for hashing. This page does not save it into the project.
These utilities are local defensive helpers: hashing, decoding, IOC extraction, and simple quality checks. They do not scan third-party systems or automate exploitation.
For real case work, record the input source, analyst name, timestamp, and resulting hashes in your case notes.
- Wireshark / Zeek: packet capture review, protocol inspection, suspicious connection analysis, and network troubleshooting.
- Nmap: authorized asset discovery and service inventory for your own lab, network, or approved client scope.
- Web application testing proxy: manual web application testing, proxy inspection, request replay, and OWASP learning workflows.
- YARA: pattern-based malware and suspicious file classification using readable detection rules.
- Sigma: portable log detection rules that can be converted across SIEM and detection platforms.
- Memory forensics framework: analysis of captured memory images during incident response.
- Autopsy: digital forensics platform for disk images, timelines, file metadata, and artifact review.
- OSQuery: endpoint visibility through SQL-like queries over system state, processes, users, and configuration.
- CyberChef: data transformation workbench for encoding, decoding, hashing, parsing, and investigation notes.
| Scenario | Tool Type | Goal | Evidence Output |
|---|---|---|---|
| Unknown network activity | Wireshark / Zeek | Inspect flows, DNS, TLS metadata, protocols | PCAP notes, flow summary, suspicious endpoints |
| Approved asset inventory | Nmap | Identify hosts and exposed services in authorized scope | Service list, open ports, version notes |
| Suspicious file | YARA / CyberChef | Hash, classify, decode strings, compare indicators | SHA hashes, rule matches, decoded artifacts |
| Endpoint investigation | OSQuery / Sigma | Review processes, persistence, event patterns | Query results, detection matches, timeline |
| Disk or phone artifact review | Autopsy / WA Forensics | Review files, metadata, exports, attachments | Reports, inventory, hashes, case notes |
Use these tools only on systems, networks, applications, and files where you have authorization. Keep raw evidence read-only and record every transformation.