A python-based tool to extract forensic info from ActivitiesCache.db (Windows Activity Timeline)

A python-based tool to extract data from MEGAsync windows application database file and generate a CSV with all the files that are present on MEGA cloud.

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

Linux security with three different distributions (Rocky Linux, Ubuntu and openSUSE)!

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

TeleTracker is a simple set of Python scripts designed for anyone investigating Telegram channels. It helps you send messages quickly and gather useful channel information easily.

A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.

An uroboros program with 100+ programming languages

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…

Documentation and scripts to properly enable Windows event logs.

practical toolkit for cybersecurity and IT professionals. It features a detailed Linux cheatsheet for incident response

PowerForensics provides an all in one platform for live disk forensic analysis

A toolset to make a system look as if it was the victim of an APT attack

A GeoIP lookup utility utilizing ipinfo.io services.

Remote access and Antivirus Logging Database

eXtremely Minimal Hugo theme: about 140 lines of code in total, including HTML and CSS (with no dependencies)

Hardcore Debugging

Contains compiled binaries of Volatility

Main Sigma Rule Repository

Incident Response Methodologies 2022

Please no pull requests for this repository. Thanks!

Quickly find differences and similarities in disassembled code

Regexplore is a Volatility plugin designed to mimic the functionality of the Registry Explorer plugins in EZsuite

DFIQ is a collection of investigative questions and the approaches for answering them

Powershell Script to aid Incidence Response and Live Forensics | Bash Script for MacOS Live Forensics and Incidence Response

FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV file

A hex viewer for the sleuths!