Stars
lgandx / Responder
Forked from SpiderLabs/Responder. Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
Parses USB connection artifacts from offline Registry hives
Parser for Windows PowerShell script block logs
iluvadev / XstReader
Forked from Dijji/XstReader. XstReader is an open source viewer for Microsoft Outlook’s .ost and .pst files (also those protected by unknown password). You can view and inspect all content and export messages and attachments (…
A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go) in Security Incidents and Threat Hunts
IPED Digital Forensic Tool. It is open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation b…
Impacket is a collection of Python classes for working with network protocols.
A python library to parse OneNote (.one) files
Persistence by writing/reading shellcode from Event Log
This is a collection of analysis formulas and direct evidence that can be used by DFIR operators to rapidly search for anomalous activity.
Ambiguous File System Partition Examples. Image B contains Ext3 and FAT32, Image C contains HFS+ and FAT32 and Image D contains Btrfs, HFS+ and FAT32.
Linux Logs Events Application Program Parser
Obsidian Template for Windows Forensics
A Python + iCloud wrapper to access iPhone and Calendar data.
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit …
Web browser forensics for Google Chrome/Chromium
Public script from SANS FOR509 Enterprise Cloud Incident Response
📟 Archive all the Chrome extensions (until Feb 4, 2019)
A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.