# Gather and Analyze Data

## dissect

Perform a variety of forensics and incident response tasks using this DFIR framework and toolset.

**Website**: <https://github.com/fox-it/dissect>\
**Author**: Dissect Team: <dissect@fox-it.com>\
**License**: GNU Affero General Public License v3: <https://github.com/fox-it/dissect/blob/main/LICENSE>\
**Notes**: acquire, target-fs, rdump, rgeoip, target-query, target-shell, target-dump, target-info, target-reg, target-dd, target-mount\
**State File**: [remnux.python3-packages.dissect](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/dissect.sls)

## time-decode

Decode and encode date and timestamps.

**Website**: <https://github.com/digitalsleuth/time_decode>\
**Author**: Corey Forman\
**License**: MIT License: <https://github.com/digitalsleuth/time_decode/blob/master/LICENSE>\
**State File**: [remnux.python3-packages.time-decode](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/time-decode.sls)

## malwoverview

Query public repositories of malware data (e.g., VirusTotal, HybridAnalysis).

**Website**: <https://github.com/alexandreborges/malwoverview>\
**Author**: Alexandre Borges\
**License**: GNU General Public License v3: <https://github.com/alexandreborges/malwoverview/blob/master/LICENSE>\
**Notes**: malwoverview, add API keys to \~/.malwapi.conf\
**State File**: [remnux.python3-packages.malwoverview](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/malwoverview.sls)

## ipwhois

Retrieve and parse whois data for IP addresses.

**Website**: <https://github.com/secynic/ipwhois>\
**Author**: Philip Hane\
**License**: BSD 2-Clause "Simplified" License: <https://github.com/secynic/ipwhois/blob/master/LICENSE.txt>\
**Notes**: ipwhois\_cli.py, ipwhois\_utils\_cli.py\
**State File**: [remnux.python3-packages.ipwhois](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/ipwhois.sls)

## pdnstool

Query passive DNS databases for DNS data.

**Website**: <https://github.com/chrislee35/passivedns-client>\
**Author**: Chris Lee\
**License**: MIT License: <https://github.com/chrislee35/passivedns-client/blob/master/LICENSE.txt>\
**State File**: [remnux.rubygems.pdnstool](https://github.com/REMnux/salt-states/blob/master/remnux/rubygems/pdnstool.sls)

## DeXRAY

Extract and decode data from antivirus quarantine files.

**Website**: <https://www.hexacorn.com/blog/category/software-releases/dexray/>\
**Author**: Hexacorn\
**License**: Free; copyright by Hexacorn.com: <https://hexacorn.com/d/DeXRAY.pl>\
**Notes**: dexray\
**State File**: [remnux.scripts.dexray](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/dexray.sls)

## virustotal-submit

Submit files to VirusTotal.

**Website**: <https://blog.didierstevens.com/programs/virustotal-tools/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**Notes**: virustotal-submit.py\
**State File**: [remnux.scripts.virustotal-submit](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/virustotal-submit.sls)

## virustotal-search

Search VirusTotal for file hashes.

**Website**: <https://blog.didierstevens.com/programs/virustotal-tools/>\
**Author**: Didier Stevens: <https://x.com/DidierStevens>\
**License**: Public Domain\
**Notes**: virustotal-search.py\
**State File**: [remnux.scripts.virustotal-search](https://github.com/REMnux/salt-states/blob/master/remnux/scripts/virustotal-search.sls)

## Scalpel

Carve contents out of binary files, such as partitions.

**Website**: <https://github.com/sleuthkit/scalpel>\
**Author**: Golden G. Richard III, Vassil Roussev\
**License**: Apache License 2.0: <https://github.com/sleuthkit/scalpel/blob/master/LICENSE-2.0.txt>\
**State File**: [remnux.packages.scalpel](https://github.com/REMnux/salt-states/blob/master/remnux/packages/scalpel.sls)

## nsrllookup

Look up MD5 file hashes in the NIST National Software Reference Library (NSRL).

**Website**: <https://github.com/rjhansen/nsrllookup>\
**Author**: Robert J. Hansen: <https://x.com/robertjhansen>\
**License**: ISC License: <https://github.com/rjhansen/nsrllookup/blob/master/LICENSE>\
**State File**: [remnux.packages.nsrllookup](https://github.com/REMnux/salt-states/blob/master/remnux/packages/nsrllookup.sls)

## Yara

Identify and classify malware samples using Yara rules.

**Website**: <https://virustotal.github.io/yara/>\
**Author**: <https://github.com/VirusTotal/yara/blob/master/AUTHORS>\
**License**: BSD 3-Clause "New" or "Revised" License: <https://github.com/VirusTotal/yara/blob/master/COPYING>\
**Notes**: yara\
**State File**: [remnux.packages.yara](https://github.com/REMnux/salt-states/blob/master/remnux/packages/yara.sls)

## ioc\_parser

Extract IOCs from security report PDFs.

**Website**: <https://github.com/buffer/ioc_parser>\
**Author**: Armin Buescher\
**License**: MIT License: <https://github.com/buffer/ioc_parser/blob/master/LICENSE.txt>\
**State File**: [remnux.python3-packages.ioc-parser](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/ioc-parser.sls)

## dnslib

Python library to encode/decode DNS wire-format packets.

**Website**: <https://github.com/paulc/dnslib>\
**Author**: Paul Chakravarti\
**License**: BSD 2-Clause "Simplified" License: <https://github.com/paulc/dnslib/blob/master/LICENSE>\
**Notes**: Library - /opt/dnslib/bin/python3 - import dnslib\
**State File**: [remnux.python3-packages.dnslib](https://github.com/REMnux/salt-states/blob/master/remnux/python3-packages/dnslib.sls)

## YARA-X

Scan files using YARA rules with YARA-X, the next generation of YARA, written in Rust.

**Website**: <https://github.com/VirusTotal/yara-x>\
**Author**: Victor M. Alvarez, VirusTotal: <https://github.com/VirusTotal>\
**License**: BSD-3-Clause License: <https://github.com/VirusTotal/yara-x/blob/main/LICENSE>\
**Notes**: yr scan, yr compile. Coexists with classic YARA; uses `yr` command.\
**State File**: [remnux.tools.yara-x](https://github.com/REMnux/salt-states/blob/master/remnux/tools/yara-x.sls)
