$MFT directory tree reconstruction & FILE record info
updated at June 6, 2024, 8:43 p.m.
DPS' Lightweight Investigation Notebook
updated at June 5, 2024, 9:53 p.m.
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
updated at June 3, 2024, 2:38 p.m.
Command line utility and Python package to ease the (un)mounting of forensic disk images
updated at June 2, 2024, 4:32 p.m.
CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
updated at June 2, 2024, 11:11 a.m.
Investigate suspicious activity by visualizing Sysmon's event log
updated at May 31, 2024, 11:57 a.m.
Binary analysis and management framework
updated at May 31, 2024, 10:41 a.m.
A Python DNS crawler to find identical domain names under different TLDs.
updated at May 30, 2024, 8:42 a.m.
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
updated at May 27, 2024, 11:51 a.m.
A Python library and command line tools to provide interactive log visualization.
updated at May 27, 2024, 7:14 a.m.
"Evolving AppCompat/AmCache data analysis beyond grep"
updated at May 16, 2024, 1:39 p.m.
CLI program for automating the setup, configuration, and use of cybersecurity solutions
updated at May 14, 2024, 9:23 p.m.