Faster & Better Way to analyze the EML Files

Scripts automating computer forensics for Windows and Linux

A Python, Boto3 script that shuts down a selected instance, detaches the instance, generates a snapshot volume and then attaches and mounts both volumes to a workstation

Security incident response case studies demonstrating log analysis, threat hunting, and forensic investigation using Elastic Stack, TheHive, and MITRE ATT&CK

This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.

Windows Artifact Parser

DFIR Live-Response scripts

This batch script automates the deployment and management of the DFIR-IRIS web application using Docker on Windows

Binalyze AIR and Carbon Black Cloud Integration

DFIR Lab in AWS

Confirm file type by matching the magic signature ("number").

Exif and metadata dumper/searcher. PDF,JPG,PNG,EXE and a lot more supported.

CrowdStrike API Client Library

A Python2 GUI tool to automate memory dump analysis using Volatility 2.6.1. It allows users to load memory files, automatically detects the correct profile with imageinfo, and runs common forensic commands. Results are organized into case folders for easy review.

Forensic tool utilizes file metadata to eliminate the false positive entries of system artifact and makes a decision.

Lazy Windows event log fast forensics timeline generator and threat hunting script.

FAEP is an automated tool to extract and parse forensic artifacts from .E01 images automatically, with a clean GUI and minimal manual effort.

OpenRelik ertools worker

Unified cases, seamless integrations

Este script recompilará una gran parte de la información que se suele obtener de un sistema Linux ante un peritaje o análisis forense. Además toda la información será firmada con SHA256.