capa
Apache-2.0๐ฌ Digital Forensics ยท Python
Capa is an automated tool for identifying capabilities in executable files, detecting techniques such as persistence mechanisms, command and control (C2) communications, and anti-analysis methods. Built in Python, Capa uses a rule-based approach to analyze binary files and report on the functionalities they contain. This tool is essential for malware analysis, aiding security researchers in understanding the potential impact of a sample.
Tags
Details
- Category
- ๐ฌ Digital Forensics
- Language
- Python
- Repository
- mandiant/capa
- License
- Apache-2.0
- Platforms
- ๐งlinux๐macos๐ชwindows
Links
More in Digital Forensics
Volatility 3
PythonAdvanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.
Autopsy
JavaDigital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Ghidra
JavaNSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Binwalk
PythonFirmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
CPattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
GoEndpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.