Parser for Windows PowerShell script block logs

Libewf is a library to access the Expert Witness Compression Format (EWF)

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digi…

This project aims to enhance the working environment on Windows

Library and tools to access the Windows New Technology File System (NTFS)

Extract and Visualize Data from URLs using Unfurl

Web browser forensics for Google Chrome/Chromium

Volatility 3.0 development

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

Construct: Declarative data structures for python that allow symmetric parsing and building

MemProcFS

A fast, clean, responsive Hugo theme.

The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out ther…

A demo of some living-off-the-land techniques

Compile type annotated Python to fast C extensions

A place for all my DFIR ramblings

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A small util to brute-force prefetch hashes

egui: an easy-to-use immediate mode GUI in Rust that runs on both web and native

OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous file.

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

Library to handle the files in zff format (file format to store and handle forensic acquisitions).

Rapidly Search and Hunt through Windows Forensic Artefacts

Super timeline all the things

Yet another registry parser

Carve file metadata from NTFS index ($I30) attributes

An NTFS/FAT parser for digital forensics & incident response