This tool was used to find the origin of the attacks on (among others):
- The German Bundestag
- Yahoo
- The American voting registers
Since it is cloud-based, it works with binaries as well as scripts or other data (such as captured network traffic).
To analyze data, just run:
./forensic.py [DATA DIR]
The output will show the most likely origin of the attack.