AFOT - Automation Forensics Tool for Windows.

The Automatic FOrensics Tool (AFOT) is an automation tool built in Python for Windows forensics. It combines the following tools:
+ AnalyzePESig (http://didierstevens.com/files/software/AnalyzePESig_V0_0_0_2.zip)
+ National Software Reference Library reduced set (http://www.nsrl.nist.gov/RDS/rds_2.52/rds_252m.zip)
+ NSRL Tool (http://didierstevens.com/files/software/nsrl_V0_0_2.zip)
+ VirusTotal Search Tool (http://didierstevens.com/files/software/virustotal-search_V0_1_2.zip)

Requirement:
– Python 2.7.x
– VirusTotal API key

So the procedure is pretty straight-forward:
+ The user provides a path; all the executables in that folder and its subfolders are analyzed.
+ AnalyzePESig looks for signed executables whose certificate will soon be revoked.
+ AFOT will collect all the non-signed executables and cross-check them with NSRL’s hashset database, using the NSRL tool.
+ Last but not least, if any hashes were found to be in NSRL’s hashset database too, we cross-check those hashes with VirusTotal, using the VirusTotal Search tool.
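The hashing and NSRL lookup step of this procedure, as an added example that is not AFOT's own code: it is written for Python 3, assumes the `NSRLFile.txt` CSV layout of the RDS 2.x sets (a `"SHA-1"` header column), and treats `.exe`, `.dll` and `.sys` as the executables. The directory tree and hash-set row in `demo()` are constructed.

```python
import csv
import hashlib
import io
import os
import tempfile

PE_EXTENSIONS = (".exe", ".dll", ".sys")  # assumed definition of "executable"

def load_nsrl_sha1(lines):
    """Return the set of SHA-1 values from an NSRLFile.txt-style CSV."""
    return {row["SHA-1"].upper() for row in csv.DictReader(lines)}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not fill memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def triage(root, known_sha1):
    """Walk root and split executables into (in_nsrl, not_in_nsrl)."""
    in_nsrl, not_in_nsrl = [], []
    for folder, _dirs, names in os.walk(root):
        for name in sorted(names):
            if not name.lower().endswith(PE_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            try:
                digest = sha1_of(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep walking
            bucket = in_nsrl if digest in known_sha1 else not_in_nsrl
            bucket.append((os.path.relpath(path, root), digest))
    return in_nsrl, not_in_nsrl

def demo():
    """Constructed sample: two fake executables, one listed in the hash set."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "sub"))
    for rel, data in (("a.exe", b"known"), ("sub/b.dll", b"unknown"), ("c.txt", b"x")):
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)
    header = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"\n'
    row = '"%s","","","a.exe",5,0,"358",""\n' % hashlib.sha1(b"known").hexdigest().upper()
    return triage(root, load_nsrl_sha1(io.StringIO(header + row)))

if __name__ == "__main__":
    print(demo())
```

The NSRL RDS lists known files rather than known-good files, so a hit identifies a file without clearing it.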

Usage & Download:

Source: https://github.com/harris21