Faster & Better Way to analyze the EML Files
Updated Apr 4, 2023 - Python
This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.
AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).
Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids
AutoParser is a forensic tool for parsing offline registry hives.
A forensic command-line tool for deep analysis of PDF files
This script pulls process data from Carbon Black Cloud (CBC). One disadvantage of the CBC GUI is that it cannot show the command line for every process in bulk; you have to click on each process individually. This script dumps the command lines in one pass so you can quickly spot suspicious ones.
Confirm file type by matching the magic signature ("number").
Create a timeline of files in a folder.
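The two triage steps just listed, magic-signature identification and a folder timeline, combined in one added example. This is not code from any repository on this page; the signature table, the extension map and the sample files are constructed for the demo.

```python
"""Added example, not code from any repository listed above: identify files by
their magic signature and build a modification-time timeline of a folder.
The signature table and the sample files are constructed for this demo."""
import os
import tempfile
from datetime import datetime, timezone

# Constructed table of a few well-known magic signatures at offset 0.
MAGIC = [
    (b"%PDF-", "PDF"),
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also DOCX/XLSX/JAR)"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office/MSI)"),
]

# Extensions that legitimately carry each detected type; anything else is a mismatch.
EXPECTED_EXT = {
    "PDF": {".pdf"},
    "PE executable": {".exe", ".dll", ".sys", ".scr", ".com"},
    "ELF executable": {"", ".so", ".elf"},
    "PNG": {".png"},
}


def identify(path):
    """Return the type whose signature matches the file header, or 'unknown'."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    for sig, name in MAGIC:
        if header.startswith(sig):
            return name
    return "unknown"


def extension_mismatch(path, kind):
    """True when the detected type has a known extension set and this file's extension is not in it."""
    ext = os.path.splitext(path)[1].lower()
    return kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]


def timeline(folder):
    """Walk `folder` and return rows (mtime_utc_iso, path, size, type, mismatch) sorted by mtime.

    st_mtime is the sort key because its meaning is the same on every platform;
    st_ctime is creation time on NTFS but inode-change time on POSIX."""
    rows = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            st = os.stat(path)
            kind = identify(path)
            when = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat()
            rows.append((when, path, st.st_size, kind, extension_mismatch(path, kind)))
    rows.sort()
    return rows


def demo():
    """Write three constructed sample files with staggered mtimes and return their timeline."""
    folder = tempfile.mkdtemp(prefix="dfir_demo_")
    samples = [
        ("report.pdf", b"%PDF-1.7\n%constructed sample\n"),
        ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),   # PE header disguised as a PDF
        ("notes.txt", b"plain text, no signature\n"),
    ]
    base = 1_700_000_000
    for i, (name, data) in enumerate(samples):
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (base + 60 * i, base + 60 * i))  # deterministic mtimes
    return timeline(folder)


if __name__ == "__main__":
    for when, path, size, kind, mismatch in demo():
        print(when, os.path.basename(path), size, kind, "MISMATCH" if mismatch else "")
```

The mismatch column is the part worth keeping in a real triage script: an "invoice.pdf" that starts with `MZ` is a PE file regardless of what the extension claims, and sorting by mtime puts it next to whatever else landed on disk at the same time.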
Ingest and query NIST NSRL Reference Data Sets in Elasticsearch with Python tools and libraries.
Sabonis, a Digital Forensics and Incident Response pivoting tool
HybridHashScanner is a versatile command-line tool for analyzing file hashes against multiple threat intelligence services, including MISP, CIRCL Hashlookup, OTX, Kaspersky, and VirusTotal. It supports single hash lookups, batch processing from CSV/TXT files, caching via SQLite, multithreading for efficiency, and optional Tor integration for anonym
Recover and decode unsaved Windows Notepad binary files into readable notes
CrowdStrike API Client Library
Splits a URL into its individual components, unescapes the arguments, and performs light calculations for manual or automated analysis
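An added example of that URL decomposition, written for this page rather than taken from the repository above: split the URL, percent-decode each query argument until it stops changing (so double encoding is counted, not hidden), and derive a few triage indicators. The indicator heuristics and the sample URL are constructed assumptions.

```python
"""Added example, not code from the URL-analysis repository described above:
split a URL into its components, repeatedly percent-decode each query
argument, and derive a few light indicators for triage. Heuristics and the
sample URL are constructed for this demo."""
from urllib.parse import urlsplit, unquote, unquote_plus


def fully_unquote(value, max_rounds=5):
    """Percent-decode until the string stops changing; return (decoded, rounds).

    More than one round means the argument was double-encoded, a common
    filter-evasion trick. max_rounds bounds pathological inputs."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def analyze(url):
    """Return a dict of URL components plus constructed triage flags."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        port = parts.port
    except ValueError:          # non-numeric port such as "host:abc"
        port = None

    # Split the raw query ourselves so decoding rounds can be counted per argument.
    query = []
    for pair in (parts.query.split("&") if parts.query else []):
        key, _, raw = pair.partition("=")
        value, rounds = fully_unquote(raw)
        query.append((unquote_plus(key), value, rounds))

    nested = [v for _, v, _ in query if v.lower().startswith(("http://", "https://"))]
    path = unquote(parts.path)
    flags = []
    if parts.username is not None:
        flags.append("userinfo before host: the real host is the part after '@'")
    if host.replace(".", "").isdigit():
        flags.append("raw IPv4 host")
    if host.startswith("xn--") or ".xn--" in host:
        flags.append("punycode label in host")
    if nested:
        flags.append("URL embedded in query argument (redirect chain)")
    if any(r > 1 for _, _, r in query):
        flags.append("double-encoded query argument")

    return {
        "scheme": parts.scheme, "username": parts.username, "host": host, "port": port,
        "path": path, "path_depth": len([s for s in path.split("/") if s]),
        "query": query, "fragment": parts.fragment, "nested_urls": nested,
        "encoded_chars": url.count("%"), "flags": flags,
    }


if __name__ == "__main__":
    import json
    sample = ("https://login.example.com@203.0.113.7:8080/a/b/c"
              "?next=https%253A%252F%252Fevil.example%252Fx&id=42#frag")  # constructed
    print(json.dumps(analyze(sample), indent=2))
```

Note the deliberate choice not to use `parse_qsl` for the query: it decodes once and silently, whereas an analyst wants to know that `next=` needed two decoding rounds before an `https://` prefix appeared.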
🕵️♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.
Binalyze AIR and Carbon Black Cloud Integration
osquery_hunter is a lightweight, Python-based triage helper for Windows systems. It uses osquery to enumerate running processes, network sockets, and signatures — helping analysts quickly spot unsigned or suspicious binaries. Ideal for DFIR, incident response, and blue-team investigations in environments without full EDR coverage.
TruxTrace is a Linux user simulation tool that emulates realistic command-line behavior for single and multiple users. It’s designed for learning, testing, and digital forensics, generating artifacts like logs and histories to replicate real-world usage scenarios.