Didier Stevens tools - reuteras/dfirws GitHub Wiki

Didier Stevens tools are available under C:\Tools\DidierStevens.

Below is a collection of links to ISC Storm Center that uses the tools in Didier Stevens suite. All the examples can be run in dfirws. I have also added PDF:s for offline use.

• String Obfuscation: Character Pair Reversal (pdf)
  • zipdump.py
  • strings.py
  • re-search.py
  • python-per-line.py
• Extra: "String Obfuscation: Character Pair Reversal" (pdf)
  • strings.py
  • python-per-line.py (Reverse and ReverseFind)
  • numbers-to-strings.py
• Extracting Multiple Streams From OLE Files (pdf)
  • oledump.py
  • file-magic.py
  • myjson-filter.py
  • Uses --jsoninput and --jsonoutput in the pipe
• Another Malicious HTA File Analysis - Part 1 (pdf)
  • zipdump.py
  • python-per-line.py (--split, --regex, oMatch.groups() and --join)
• Another Malicious HTA File Analysis - Part 2 (pdf)
  • zipdump.py
  • python-per-line.py (--split, --regex, --join)
  • base64dump.py (--jsonoutput)
  • myjson-transform.py (--script)
  • numbers-to-string.py