Stars
AIFT is a GUI, CLI, REST API, and MCP tool that helps DFIR analysts get oriented quickly. Point it at disk images, VM images, forensic archives, or triage packages; AIFT discovers what can be opene…
This script reads a list of IP addresses from a CSV file and checks each IP address for malicious activity using the VirusTotal API.
Extract files from Apple devices on Windows, Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups"
Open-source desktop workbench for digital forensic analysis. Inspect ZIP/TAR acquisitions and parse and view ABX, SQLite, SEGB, (B)PLIST, REALM, Protobuf, Logs, hex, JSON, XML, and more — all in one…
Free, open-source, 100% local resume builder. 30 ATS-ready templates, a built-in ATS score, and PDF / Word / JSON export — no account, no server, no tracking, fully offline.
Offline, read-only forensic parser for the Paytm Android app (net.one97.paytm). WIP.
SQLite forensic library — read-only b-tree/freelist/WAL reader plus a deleted-record carver that recovers freed-page, in-page, and dropped-table rows. Panic-free, forbid-unsafe, validated against u…
MalDoc Analyzer Pro — Malware Document Analysis & IOC Extraction Tool. Open-source malware document analyzer for security researchers. Detects malicious macros, embedded scripts, obfuscated payload…
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, …
Light, fluffy, and always free - The AWS Local Emulator alternative
A cross platform forensic parser written in Rust!
Automating regular Windows forensics workflows
Single-file desktop GUI for searching, browsing, and analyzing SQLite databases. Python + tkinter. No install required.
Forensic analysis and visualization solution for WhatsApp incremental files, including recovery of deleted messages and reporting.
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.
Pure Rust reader for Expert Witness Format (E01/EWF) forensic disk images. MIT licensed.
Browser forensics tool for Google Chrome (and other Chromium-based browsers)
PhonePe Forensics Analysis Dashboard for iOS Extractions
Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
Extract files from ADB devices on Windows, Linux and MacOS. Mostly a wrapper for adbutils.
Ultra-lightweight, zero dependency, semantic HTML, CSS, JS UI library. ~8KB min+gz.
DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with AI Artifacts, AI Secret Hunt, process inspection, lateral movement tracking, persist…
Give meaningful names to recovered files (which normally have only placeholder names), based on their embedded metadata and/or content extracted using OCR
Browse Windows Recycle Bin from E01 forensic images with Explorer-style interface. Parse $I/$R artifacts, view deleted files in original folder structure, export with timestamps & hash calculation.…