AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).

A post-mortem analysis tool for raw disk/partition images

Extract and normalize information from forensics artifacts

MalNote – an automated malware triage and intelligence tool that scans files, queries multiple threat intelligence sources (OTX, ThreatFox, MalwareBazaar, VirusTotal), and generates a detailed Markdown analysis note enriched with AI-powered insights from Gemini.

Collaborative Forensic Collections Manager

Minimalist Collaborative Malware DB Management

osquery_hunter is a lightweight, Python-based triage helper for Windows systems. It uses osquery to enumerate running processes, network sockets, and signatures — helping analysts quickly spot unsigned or suspicious binaries. Ideal for DFIR, incident response, and blue-team investigations in environments without full EDR coverage.

CLI generator for Velociraptor offline collector

Orchestration Software for Incident Response

Recover and decode unsaved Windows Notepad binary files into readable notes

HybridHashScanner is a versatile command-line tool for analyzing file hashes against multiple threat intelligence services, including MISP, CIRCL Hashlookup, OTX, Kaspersky, and VirusTotal. It supports single hash lookups, batch processing from CSV/TXT files, caching via SQLite, multithreading for efficiency, and optional Tor integration for anonym

A deployment and testing platform for Velociraptor's client artifacts

OpenRelik ertools worker

TruxTrace is a Linux user simulation tool that emulates realistic command-line behavior for single and multiple users. It’s designed for learning, testing, and digital forensics, generating artifacts like logs and histories to replicate real-world usage scenarios.

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

A Python2 GUI tool to automate memory dump analysis using Volatility 2.6.1. It allows users to load memory files, automatically detects the correct profile with imageinfo, and runs common forensic commands. Results are organized into case folders for easy review.

This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.

A forensic command-line tool for deep analyzing PDF files

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

🕵️‍♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.