{"id":26509,"date":"2022-08-22T14:05:16","date_gmt":"2022-08-22T14:05:16","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=26509"},"modified":"2022-08-22T14:05:17","modified_gmt":"2022-08-22T14:05:17","slug":"pict","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/pict\/","title":{"rendered":"Pict : Post-Infection Collection Toolkit"},"content":{"rendered":"\n<p><strong>Pict<\/strong> (Post-Infection Collection Toolkit) is a set of scripts designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. This data should not be considered to be a full forensic data collection, but does capture a&nbsp;<em>lot<\/em>&nbsp;of useful forensic information.<\/p>\n\n\n\n<p>If you want true forensic data, you should really capture a full memory dump and image the entire drive. That is not within the scope of this toolkit.<\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#how-to-use\"><\/a>How to use<\/h2>\n\n\n\n<p>The script must be run on a live system, not on an image or other forensic data store. It does not strictly&nbsp;<em>require<\/em>&nbsp;root permissions to run, but it will be unable to collect much of the intended data without them.<\/p>\n\n\n\n<p>Data will be collected in two forms. The first is summary files, containing output of shell commands, data extracted from databases, and the like. For example, the&nbsp;<code><strong>browser<\/strong><\/code>&nbsp;module will output a&nbsp;<code><strong>browser_extensions.txt<\/strong><\/code>&nbsp;file with a summary of all the browser extensions installed for Safari, Chrome, and Firefox.<\/p>\n\n\n\n<p>The second is complete files collected from the filesystem. 
These are stored in an&nbsp;<code>artifacts<\/code>&nbsp;subfolder inside the collection folder.<\/p>\n\n\n\n<h3 class=\"has-text-align-center wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#syntax\"><\/a>Syntax<\/h3>\n\n\n\n<p>The script is very simple to run. It takes only one required parameter, the path to a configuration file in JSON format:<\/p>\n\n\n\n<p><code><strong>.\/pict.py -c \/path\/to\/config.json<\/strong><\/code><\/p>\n\n\n\n<p>The configuration file describes what the script will collect, and how. It should look something like this:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>{<br>&quot;collection_dest&quot; : &quot;~\/Desktop\/&quot;,<br>&quot;all_users&quot; : true,<br>&quot;collectors&quot; : {<br>&quot;browser&quot; : &quot;BrowserExtCollector&quot;,<br>&quot;persist&quot; : &quot;PersistenceCollector&quot;,<br>&quot;suspicious&quot; : &quot;SuspiciousBehaviorCollector&quot;,<br>&quot;browserhist&quot; : &quot;BrowserHistoryCollector&quot;,<br>&quot;bash_config&quot; : &quot;BashConfigCollector&quot;,<br>&quot;bash_hist&quot; : &quot;BashHistoryCollector&quot;,<br>&quot;processes&quot; : &quot;ProcessCollector&quot;,<br>&quot;network_config&quot; : &quot;NetworkConfigCollector&quot;,<br>&quot;profiles&quot; : &quot;ProfileCollector&quot;,<br>&quot;certs&quot; : &quot;TrustedCertCollector&quot;<br>},<br>&quot;settings&quot; : {<br>&quot;keepLSData&quot; : true,<br>&quot;zipIt&quot; : true<br>},<br>&quot;moduleSettings&quot; : {<br>&quot;browser&quot; : {<br>&quot;collectArtifacts&quot; : true<br>}<br>},<br>&quot;unused&quot; : {<br>&quot;installs&quot; : &quot;InstallationCollector&quot;<br>}<br>}<\/strong><\/p>\n\n\n\n<h4 class=\"has-text-align-center wp-block-heading\">collection_dest<\/h4>\n\n\n\n<p>This specifies the path to store the collected data in. 
It can be an absolute path or a path relative to the user&#8217;s home folder (by starting with a tilde). The default path, if not specified, is&nbsp;<code><strong>\/Users\/Shared<\/strong><\/code>.<\/p>\n\n\n\n<p>Data will be collected in a folder created in this location. That folder will have a name in the form&nbsp;<code><strong>PICT-computername-YYYY-MM-DD<\/strong><\/code>, where the computer name is the name of the machine specified in&nbsp;<em>System Preferences<\/em>&nbsp;&gt;&nbsp;<em>Sharing<\/em>&nbsp;and date is the date of collection.<\/p>\n\n\n\n<h4 class=\"has-text-align-center wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#all_users\"><\/a>all_users<\/h4>\n\n\n\n<p>If true, collects data from all users on the machine whenever possible. If false, collects data only for the user running the script. If not specified, this value defaults to true.<\/p>\n\n\n\n<h4 class=\"has-text-align-center wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#collectors\"><\/a>collectors<\/h4>\n\n\n\n<p>PICT is modular, and can easily be expanded or reduced in scope, simply by changing what Collector modules are used.<\/p>\n\n\n\n<p>The&nbsp;<code><strong>collectors<\/strong><\/code>&nbsp;data is a dictionary where the key is the name of a module to load (the name of the Python file without the&nbsp;<code><strong>.py<\/strong><\/code>&nbsp;extension) and the value is the name of the Collector subclass found in that module. You can add additional entries for custom modules (see&nbsp;Writing your own modules), or can remove entries to prevent those modules from running. 
One easy way to remove modules, without having to look up the exact names later if you want to add them again, is to move them into a top-level dictionary named&nbsp;<code><strong>unused<\/strong><\/code>.<\/p>\n\n\n\n<h4 class=\"has-text-align-center wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#settings\"><\/a>settings<\/h4>\n\n\n\n<p>This dictionary provides global settings.<\/p>\n\n\n\n<p><code><strong>keepLSData<\/strong><\/code>&nbsp;specifies whether the&nbsp;<code><strong>lsregister.txt<\/strong><\/code>&nbsp;file &#8211; which can be quite large &#8211; should be kept. (This file is generated automatically and is used to build output by some other modules. It contains a wealth of useful information, but can be well over 100 MB in size. If you don&#8217;t need all that data, or don&#8217;t want to deal with that much data, set this to false and it will be deleted when collection is finished.)<\/p>\n\n\n\n<p><code><strong>zipIt<\/strong><\/code>&nbsp;specifies whether to automatically generate a zip file with the contents of the collection folder. Note that the process of zipping and unzipping the data will change some attributes, such as file ownership.<\/p>\n\n\n\n<h4 class=\"has-text-align-center wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#modulesettings\"><\/a>moduleSettings<\/h4>\n\n\n\n<p>This dictionary specifies module-specific settings. Not all modules have their own settings, but if a module does allow for its own settings, you can provide them here. 
In the above example, you can see a boolean setting named&nbsp;<code><strong>collectArtifacts<\/strong><\/code>&nbsp;being used with the&nbsp;<code><strong>browser<\/strong><\/code>&nbsp;module.<\/p>\n\n\n\n<p>There are also global module settings that are maintained by the Collector class, and that can be set individually for each module.<\/p>\n\n\n\n<p><code><strong>collectArtifacts<\/strong><\/code>&nbsp;specifies whether to collect the file artifacts that would normally be collected by the module. If false, all artifacts will be omitted for that module. This may be needed in cases where storage space is a consideration, and the collected artifacts are large, or in cases where the collected artifacts may represent a privacy issue for the user whose system is being analyzed.<\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#writing-your-own-modules\"><\/a>Writing your own modules<\/h2>\n\n\n\n<p>Modules must consist of a file containing a class that is subclassed from Collector (defined in&nbsp;<code><strong>collectors\/collector.py<\/strong><\/code>), and they must be placed in the&nbsp;<code><strong>collectors<\/strong><\/code>&nbsp;folder. A new Collector module can be easily created by duplicating the&nbsp;<code><strong>collectors\/template.py<\/strong><\/code>&nbsp;file and customizing it for your own use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#def-__init__self-collectionpath-allusers\"><\/a><code>def __init__(self, collectionPath, allUsers)<\/code><\/h3>\n\n\n\n<p>This method can be overridden if necessary, but the super&nbsp;<code>Collector.__init__()<\/code>&nbsp;<strong>must<\/strong>&nbsp;be called in such a case, preferably before your custom code executes. 
This gives the object the chance to get its properties set up before your code tries to use them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#def-printstartinfoself\"><\/a><code>def printStartInfo(self)<\/code><\/h3>\n\n\n\n<p>This is a very simple method that will be called when this module&#8217;s collection begins. Its intent is to print a message to stdout to give the user a sense of progress, by providing feedback about what is happening.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#def-applysettingsself-settingsdict\"><\/a><code>def applySettings(self, settingsDict)<\/code><\/h3>\n\n\n\n<p>This gives the module the chance to apply any custom settings. Each module can have its own self-defined settings, but the settingsDict should also be passed to the super, so that the Collector class can handle any settings that it defines.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/thomasareed\/pict#def-collectself\"><\/a><code>def collect(self)<\/code><\/h3>\n\n\n\n<p>This method is the core of the module. This is called when it is time for the module to begin collection. It can write as many files as it needs to, but should confine this activity to files within the path&nbsp;<code><strong>self.collectionPath<\/strong><\/code>, and should use filenames that are not already taken by other modules.<\/p>\n\n\n\n<p>If you wish to collect artifacts, don&#8217;t try to do this on your own. 
Simply add paths to the&nbsp;<code><strong>self.pathsToCollect<\/strong><\/code>&nbsp;array, and the Collector class will take care of copying those into the appropriate subpaths in the&nbsp;<code><strong>artifacts<\/strong><\/code>&nbsp;folder, and maintaining the metadata (permissions, extended attributes, flags, etc) on the artifacts.<\/p>\n\n\n\n<p>When the method finishes, be sure to call the super (<code><strong>Collector.collect(self)<\/strong><\/code>) to give the Collector class the chance to handle its responsibilities, such as collecting artifacts.<\/p>\n\n\n\n<p>Your&nbsp;<code><strong>collect<\/strong><\/code>&nbsp;method can use any data collected in the&nbsp;<code><strong>basic_info.txt<\/strong><\/code>&nbsp;or&nbsp;<code><strong>lsregister.txt<\/strong><\/code>&nbsp;files found at&nbsp;<code><strong>self.collectionPath<\/strong><\/code>. These are collected at the beginning by the&nbsp;<code><strong>pict.py<\/strong><\/code>&nbsp;script, and can be assumed to be available for use by any other modules. However, you should not rely on output from any other modules, as there is no guarantee that the files will be available when your module runs. Modules may not run in the order they appear in your configuration JSON, since Python dictionaries are unordered.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/thomasareed\/pict\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Pict, this set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. 
This data should not be considered to be a full forensic data collection, but does capture a&nbsp;lot&nbsp;of useful forensic information. If you want true forensic data, you should really [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":26520,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[5537,5538],"class_list":["post-26509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-pict","tag-post-infection"],"yoast_head_json":{"title":"Pict : Post-Infection Collection Toolkit !!! 
Kali Linux Tutorials","description":"Pict, this set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/pict\/","og_locale":"en_US","og_type":"article","og_title":"Pict : Post-Infection Collection Toolkit !!! Kali Linux Tutorials","og_description":"Pict, this set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident.","og_url":"https:\/\/kalilinuxtutorials.com\/pict\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-08-22T14:05:16+00:00","article_modified_time":"2022-08-22T14:05:17+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/pict\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/pict\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Pict : Post-Infection Collection Toolkit","datePublished":"2022-08-22T14:05:16+00:00","dateModified":"2022-08-22T14:05:17+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/pict\/"},"wordCount":1180,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/pict\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","keywords":["Pict","Post-Infection"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/pict\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/pict\/","url":"https:\/\/kalilinuxtutorials.com\/pict\/","name":"Pict : Post-Infection Collection Toolkit !!! 
Kali Linux Tutorials","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/pict\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/pict\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","datePublished":"2022-08-22T14:05:16+00:00","dateModified":"2022-08-22T14:05:17+00:00","description":"Pict, this set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/pict\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/pict\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","width":"728","height":"488"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux 
Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R 
K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiL8yFaxO_yfj8cZaeKUnIxsCvpxyeYDv3g2MRBAlMLFEHVacpOaMhvCvba7EGebWMTdt6G6TfHl24Br1RRCZuL49uvPZQv79nVFuugIY3NKjNpUM_Sevj1mIYYR1TyqWrvKAP3zTYkRuLiM7klGeaCVJrqlk5-jH6aV9N66UNWzB4gF5wkQBB61MbF\/s728\/Pict%20(2).png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":6015,"url":"https:\/\/kalilinuxtutorials.com\/osxcollector-analysis-toolkit-os-x\/","url_meta":{"origin":26509,"position":0},"title":"OSXCollector : A Forensic Evidence Collection &#038; Analysis Toolkit For OS X","author":"R K","date":"August 2, 2019","format":false,"excerpt":"OSXCollector is a forensic evidence collection & analysis toolkit for OSX. The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis Armed with the forensic collection, an\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":33174,"url":"https:\/\/kalilinuxtutorials.com\/forensics-tools\/","url_meta":{"origin":26509,"position":1},"title":"Forensics Tools &#8211; A Comprehensive Guide To Free And Open Source Resources","author":"Varshini","date":"May 23, 2024","format":false,"excerpt":"In the evolving field of digital forensics, having access to the right tools can make all the difference. This article provides a curated list of free and open-source forensic tools and resources designed for various types of digital investigations. 
From live forensics and data acquisition to detailed artifact analysis and\u2026","rel":"","context":"In &quot;Forensics&quot;","block_context":{"text":"Forensics","link":"https:\/\/kalilinuxtutorials.com\/category\/f\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhaaKandueeSWEoNFSs794dZdjmBqCHUsrkZN0epzZr0qZDYUvXbXxLcdidDEGcbgcwyx6PEPBuuYcbGV92nEXRszauwlVanM6ZfyPk9ZYYqtKngMDDczDbdgAyVzKW4ZWnXl5mZlFbVFLFeb-ueflGsUlqqXdyG_ulYu03jrgsthTV82C_WH8vfPwNAd7o\/s16000\/Forensics%20Tools%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":33180,"url":"https:\/\/kalilinuxtutorials.com\/mvt\/","url_meta":{"origin":26509,"position":2},"title":"Mobile Verification Toolkit (MVT) &#8211; A Forensic Tool For Investigating Spyware On Mobile Devices","author":"Varshini","date":"May 23, 2024","format":false,"excerpt":"Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the\u00a0Amnesty International Security Lab\u00a0in July 2021 in the context of the\u00a0Pegasus Project\u00a0along with\u00a0a\u2026","rel":"","context":"In &quot;Forensics&quot;","block_context":{"text":"Forensics","link":"https:\/\/kalilinuxtutorials.com\/category\/f\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=350%2C200&ssl=1 1x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj0_iM9xETxfU5urAr3r_nV_VIQ80k82hpNuYOrhOG48F-cQnhlqQntte67rw4-_0mtatQfgAYjG_V_OkIIweGQQQworidTeJ14RryIXPDGG6oC3di5CX_dWSlq-KgL53OpeuZAsmsYYofRLSmyoEQI0b_vHZHs_oDbHepMxI0OLDxrWkPsfGT1KraQkG3O\/s16000\/MVT%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":33060,"url":"https:\/\/kalilinuxtutorials.com\/awesome-anti-forensic\/","url_meta":{"origin":26509,"position":3},"title":"The Arsenal : A Comprehensive Guide To Anti-Forensic Tools And Techniques","author":"Varshini","date":"May 14, 2024","format":false,"excerpt":"Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information. 
Tools System\/Digital Image Afflib\u00a0: An extensible open format for the\u2026","rel":"","context":"In &quot;Forensics&quot;","block_context":{"text":"Forensics","link":"https:\/\/kalilinuxtutorials.com\/category\/f\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEihMQ2qxhf0ajcgiKbg7B6oyNRyWx6hwfIv4Vq2rkYSYZtSG-JdQ9pM9yj_xVCLYqzb0PGopZtGnxQY-N8eFoKz-MQClIR_lemtoMlT0BmVM96EfqKqftFl19Y5YgqbEJkpfjay9NxOhQa6sCLgTEMrLatRl5W0XQ-CMw5nabAVDW2r2qvxbD2Jox_BFv-U\/s16000\/Awesome%20Anti%20Forensic.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":22626,"url":"https:\/\/kalilinuxtutorials.com\/wireshark-forensics-plugin\/","url_meta":{"origin":26509,"position":4},"title":"Wireshark-Forensics-Plugin : A cross-platform Wireshark plugin that correlates network traffic data","author":"R K","date":"March 10, 2022","format":false,"excerpt":"Wireshark-Forensics-Plugin is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic\/malware analysts. Even though Wireshark provides incredibly powerful functionalities for protocol parsing & filtering, it does not provide any contextual information about network endpoints. 
For a typical\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiuq_ZQ9b1bvJJVORn5CG2_oWIVDYRCcLcPBU11L7kFlfLiZJTvmmh0k_Xm0OoJol2FmXRGbjDgoVbkODilTY4p1Hq_QjKjb3DmhjBZp8qTofvzmTM61GpvkOG2eqzslSdo7fe6JlviV7I6WGSc0qkHxE_dJWftdMFQjob-qLm4NDnX49UreopHO2rT=s728","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiuq_ZQ9b1bvJJVORn5CG2_oWIVDYRCcLcPBU11L7kFlfLiZJTvmmh0k_Xm0OoJol2FmXRGbjDgoVbkODilTY4p1Hq_QjKjb3DmhjBZp8qTofvzmTM61GpvkOG2eqzslSdo7fe6JlviV7I6WGSc0qkHxE_dJWftdMFQjob-qLm4NDnX49UreopHO2rT=s728 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiuq_ZQ9b1bvJJVORn5CG2_oWIVDYRCcLcPBU11L7kFlfLiZJTvmmh0k_Xm0OoJol2FmXRGbjDgoVbkODilTY4p1Hq_QjKjb3DmhjBZp8qTofvzmTM61GpvkOG2eqzslSdo7fe6JlviV7I6WGSc0qkHxE_dJWftdMFQjob-qLm4NDnX49UreopHO2rT=s728 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiuq_ZQ9b1bvJJVORn5CG2_oWIVDYRCcLcPBU11L7kFlfLiZJTvmmh0k_Xm0OoJol2FmXRGbjDgoVbkODilTY4p1Hq_QjKjb3DmhjBZp8qTofvzmTM61GpvkOG2eqzslSdo7fe6JlviV7I6WGSc0qkHxE_dJWftdMFQjob-qLm4NDnX49UreopHO2rT=s728 2x"},"classes":[]},{"id":33186,"url":"https:\/\/kalilinuxtutorials.com\/computer-forensics\/","url_meta":{"origin":26509,"position":5},"title":"Computer Forensics : Exploring The Tools Of The Trade &#8211; A Comprehensive Guide","author":"Varshini","date":"June 3, 2024","format":false,"excerpt":"Computer forensics is an essential field that involves the investigation of digital devices to uncover evidence in various scenarios, including criminal activities and corporate disputes. This article provides a curated list of top-notch free tools and resources that are crucial for anyone involved in the forensic analysis of computers. 
From\u2026","rel":"","context":"In &quot;Forensics&quot;","block_context":{"text":"Forensics","link":"https:\/\/kalilinuxtutorials.com\/category\/f\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8ga6z5wFoaiA_KrO5N9MTQTQXB5trqLEVMNnvy0fSlyGzG9iTmuGv8BxG-BJkFX_xJikdhAKR1nqYXDfg0yoFR8MsnpipdRMzG28TzRHgzlCg9w-XtNqGvkMMYIMeme5NFHeiXLRh6YlFLgTYtYgmCQTz_OAf17dF-5vnl5cx4BYQ4e7Cc-aVjZp_eef_\/s16000\/Forensics%20Tools%20%281%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/26509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=26509"}],"version-history":[{"count":3,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/26509\/revisions"}],"predecessor-version":[{"id":26654,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/26509\/revisions\/26654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/26520"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=26509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=26509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=26509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}