A repository of DFIR-related Mind Maps geared towards the visual learners!

DFIRMindMaps

This is a repository to centralize DFIR-related Mind Maps created with any Mind Mapping suite. The main point of this repo is not only to provide the Mind Maps for various DFIR Tools & Artifacts, but also to provide the source of the Mind Maps so others can use, improve, or modify them as they see fit for whatever purpose suits their needs (educational, studying for a certification, etc.).

Contributing DFIR Mind Maps

If you contribute to this repo, please provide the source file for others to import into their tool of choice so they can modify, improve, or repurpose your Mind Map as they see fit! With any Pull Request, please provide the following:

  1. Export of the Mind Map in a format that others can ingest into other Mind Map tools (e.g., .xmind)
  2. Export of the Mind Map to an image format (.PNG, for instance) for the README.md file within the folder your Mind Map will reside in
  3. Export of the Mind Map to PDF, as this will preserve any clickable links incorporated into your Mind Map
  4. Any other deliverables that your Mind Map tool offers that you feel would be useful to the DFIR community (e.g., Markdown export)

Making Mind Maps

I personally use XMind as I like how it has a desktop application rather than being fully web-based like MindMeister, which is a good tool in its own right. Most Mind Map tools are not free, but there are free alternatives out there that may not have as many features as paid options. Regardless, most tools average about $5 USD per month, so it's not very expensive overall.

Here are some ideas for Mind Map tools for you to check out!

Roadmap

I'm studying for the GCIH right now, so I need motivation to create visual learning aids for myself. If I create them, they will end up here in PDF, PNG, and .xmind format.

Other DFIR Mind Map GitHub Repositories

More Repositories

  1. DFIRArtifactMuseum (HTML, 522 stars): The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
  2. Awesome-KAPE (126 stars): A curated list of KAPE-related resources.
  3. VanillaWindowsReference (110 stars): A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
  4. DFIRRegex (60 stars): A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
  5. KAPE-EZToolsAncillaryUpdater (PowerShell, 43 stars): A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools.
  6. VanillaWindowsRegistryHives (40 stars): A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
  7. DFIRPowerShellScripts (PowerShell, 39 stars): Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
  8. EventTranscript.db-Research (38 stars): A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  9. DirectoryOpus-DFIRConfig (28 stars): A config file that's curated for DFIR examiners, with shortcuts to common Windows artifacts and settings enabled that help make your life easier with various file management tasks.
  10. Anti-Forensics-VHDX (HTML, 24 stars): A sample VHDX file with multiple verbose examples of forensic and anti-forensic artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
  11. SANSGoldPaperResearch_FOR500_Rathbun (HTML, 23 stars): A repository containing the research output from my GCFE Gold Paper, which compared Windows 10 and Windows 11.
  12. ForensicImageKAPEOutput (12 stars): A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
  13. SigHunter (C#, 11 stars): A C# (.NET 6) tool to compare the file signatures of files recursively and inform the user of matches and mismatches.
  14. PCAParser (PowerShell, 8 stars): A PowerShell script that can be used to parse and convert to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca.
  15. Windows11Research (HTML, 6 stars): A brain dump for any Windows 11 research that I may conduct.
  16. iOS_Test-Device_Photos.sqlite_Examples (3 stars): This repo will contain several iOS Photos.sqlite databases, both Local Photo Library (LPL) DBs and Shared with You Syndication Photo Library (SWY) DBs, that can be used to test Photos.sqlite queries.
  17. KAPEPowerShellScripts (2 stars): A working repo of PowerShell scripts that help extend KAPE's functionality.
  18. AndrewRathbun (2 stars)
  19. CSVFileDetailsExtractor (C#, 2 stars): A simple tool to enumerate useful details from CSV files recursively from a provided folder path.
  20. CsvMerger (C#, 1 star): A simple program to merge CSV files together.
  21. CSVHeaderHunter (C#, 1 star): A C# program to grab all CSV headers from a directory recursively and output them to a CSV file.
  22. MP3TagExtractor (C#, 1 star): A command-line application to extract (recursively, if needed) ID3 metadata from audio files.
  23. DFIRSQLiteSchemas (1 star): A repo containing schemas of commonly used SQLite databases in everyday DFIR analysis.