| title | description |
|---|---|
Forensics |
Uncover the dirty little secrets of a recovered HDD, Image, malware, and more. |
- Orbit - Blockchain Transactions Investigation Tool.
- Hindsight - Web browser forensics for Google Chrome/Chromium.
- AFFLIBv3 - AFF is an open and extensible file format to store disk images and associated metadata.
- Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
- DMG2IMG - DMG2IMG is a tool which allows converting Apple compressed dmg archives to standard (hfsplus) image disk files.
- Exfiltool - Tool for reading, writing and editing meta information.
- FOCA - Tool to find metadata and hidden information in the documents.
- Andriller - Performs read-only, forensically sound, non-destructive acquisition from Android devices.
- DissectingMalwa.re Lab - Download/setup script for malware analysis/software reverse engineering.
- DFIR SQL Query - Download/setup script for malware analysis/software reverse engineering.
-
- Beagle - Digital forensics tool which transforms security logs and data into graphs.
- AmcacheParser - Parses amcache.hve files, but with a twist. -
- AppCompatCacheParser - AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10. -
- Auditpol - Displays information about and performs functions to manipulate audit policies.
- EvtxECmd - C# based evtx parser with lots of extras. -
- ExtensionBlocks - Extension blocks as found in ShellBags and other places in the Registry. -
- iisGeolocate - geolocate ip addresses in IIS logs. -
- JLECmd - Automatic and Custom Destinations jump list parser with Windows 10 support. -
- KAPE Files - This repository serves as a place for community created Targets and Modules for use with KAPE. -
- LECmd - Lnk Explorer Command line edition!
- Lnk - Lnk file parser.
- MFT - MFT parser.
- MFTECmd - Parses $MFT from NTFS file systems.
- OleCF - Library to process OLE compound file format.
- PECmd - Prefetch Explorer Command Line.
- Prefetch - Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. -
-
- RBCmd - Recycle bin artifact parser.
- Registry - Full featured, offline Registry parser in C#.
- Registry Explorer Bookmarks - Registry Explorer bookmark definitions. -
- SDB - Parse Microsoft shim databases.
- SQLECmd - This repo that contains all the Maps used by Eric Zimmerman's SQLECmd. -
- SrumECmd - SRUM parser.
- SumECmd - Process Microsoft User Access Log.
- TLEFilePlugins - Plugins for parsing CSV files in Timeline Explorer. -
- USBDevices - Get USB Devices from Registry hives.
- VSCMount - Mount VSCs with ease!
- WinSearchDBAnalyzer - Parse normal records and recover deleted records in Windows.edb.
- WtTCmd - Parser for the Windows 10 Timeline feature database.
