AFOT - Automation Forensics Tool for Windows.

The Automatic FOrensics Tool (AFOT) is an automation tool built in Python for Windows forensics. It combines the following tools:
+ AnalyzePESig
+ National Software Reference Library reduced set
+ NSRL Tool
+ VirusTotal Search Tool

Requirements:
+ Python 2.7.x
+ VirusTotal API key

The procedure is pretty straightforward:
+ The user provides the path, which will be used to analyze all the executables included in those folders/subfolders.
+ AnalyzePESig looks for signed executables whose certificates will soon be revoked.
+ AFOT will collect all the non-signed executables and cross-check them with NSRL’s hashset database, using the NSRL tool.
+ Last but not least, if any hashes were found to be in NSRL’s hashset database too, we cross-check those hashes with VirusTotal, using the VirusTotal Search tool.
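
The NSRL cross-check from the steps above, as an added example (not AFOT's own code): it treats every PE file under the path as part of the non-signed set, hashes it with SHA-1, and matches it against an NSRLFile.txt-style CSV. The function names, sample files and hashset row are constructed for illustration, and the VirusTotal lookup is left out, so the hits are only the queue that step would receive.

```python
import csv, hashlib, io, os, struct, tempfile

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        f.seek(struct.unpack_from("<I", head, 0x3C)[0])
        return f.read(4) == b"PE\0\0"

def sha1_of(path):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()  # NSRL lists hashes in uppercase hex

def load_nsrl(fileobj):
    """Collect the SHA-1 column of an NSRLFile.txt-style CSV into a set."""
    return {row["SHA-1"].upper() for row in csv.DictReader(fileobj)}

def triage(root, nsrl):
    """Walk root and split PE files into NSRL hits and misses by SHA-1."""
    hits, misses = {}, {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if is_pe(path):
                digest = sha1_of(path)
                (hits if digest in nsrl else misses)[name] = digest
    return hits, misses

def fake_pe(payload):
    """Constructed minimal MZ/PE stub for the demo (not a loadable binary)."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + payload

def demo():
    """Build constructed sample files and a one-row hashset, then triage them."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        files = {"known.exe": fake_pe(b"A"), "sub/unknown.exe": fake_pe(b"B"), "notes.txt": b"MZ? no"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        header = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"\n'
        row = '"%s","","","known.exe",69,0,"WIN",""\n' % hashlib.sha1(files["known.exe"]).hexdigest()
        return triage(root, load_nsrl(io.StringIO(header + row)))

if __name__ == "__main__":
    print(demo())
```

Files that are not PE images (here `notes.txt`) are skipped before hashing, so only executables reach the hashset comparison.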

Usage & Download: