Free educational content on reverse engineering and malware analysis from the FLARE team

OS-agnostic tool for data structures recovery

Generate Volatility3 profiles from BTF.

LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

An extremely fast Python type checker and language server, written in Rust.

The SOLVE-IT knowledge base for digital forensics

A Dissect module implementing a parsers for full volume encryption implementations, currently Microsoft's Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).

Collaborative forensic timeline analysis

Flexible and powerful data analysis / manipulation library for Python, providing labeled data structures similar to R data.frame objects, statistical functions, and much more

Native API header files for the System Informer project.

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

Quickly find differences and similarities in disassembled code

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collecti…

Forensics Wiki, a wiki devoted to information about digital forensics (also known as computer forensics)

Volatility3 plugins developed and maintained by the community

Volatility 3.0 development

This repository serves as a place for community created Targets and Modules for use with KAPE.

Digital Forensics artifact repository

Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)

Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

Digging Deeper....

The pattern matching swiss knife

Super timeline all the things

A repository for possible zgrab2 configurations

ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.