DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This helps with artifact validation processes and increases access to artifacts that may no longer be readily available.

DFIRMindMaps
A repository of DFIR-related mind maps geared towards visual learners!

Awesome-KAPE
A curated list of KAPE-related resources.

VanillaWindowsReference
A repo that contains recursive directory listings (generated with PowerShell) of a vanilla (clean) install of every Windows OS version, so you can compare them and see what's been added with each update. Use these CSVs to create your own known-good hash sets!

DFIRRegex
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

KAPE-EZToolsAncillaryUpdater
A script that updates KAPE (using Get-KAPEUpdate.ps1), EZ Tools (within .\KAPE\Modules\bin), and the ancillary files that enhance the output of those tools.

VanillaWindowsRegistryHives
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (collected with KAPE) from a vanilla (clean) install of every Windows OS version, so you can compare them and see what's been added with each update.

DFIRPowerShellScripts
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!

EventTranscript.db-Research
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

DirectoryOpus-DFIRConfig
A config file curated for DFIR examiners, with shortcuts to common Windows artifacts and settings enabled that make various file management tasks easier.

Anti-Forensics-VHDX
A sample VHDX file with multiple verbose examples of forensic and anti-forensic artifacts. Meant to be basic and can be expanded upon. Please open a new issue if you have an idea for something to add.

SANSGoldPaperResearch_FOR500_Rathbun
A repository containing the research output from my GCFE Gold Paper, which compared Windows 10 and Windows 11.

ForensicImageKAPEOutput
A repository of KAPE output (!EZParser module) for various publicly available forensic images!

SigHunter
A C# (.NET 6) tool that recursively compares the file signature of files against their extensions and informs the user of matches and mismatches.

PCAParser
A PowerShell script that parses the new Windows 11 artifacts found in C:\Windows\appcompat\pca and converts them to CSV.

Windows11Research
A brain dump for any Windows 11 research that I may conduct.

iOS_Test-Device_Photos.sqlite_Examples
This repo will contain several iOS Photos.sqlite databases, both Local Photo Library (LPL) DBs and Shared with You Syndication Photo Library (SWY) DBs, that can be used to test Photos.sqlite queries.

CSVFileDetailsExtractor
A simple tool to recursively enumerate useful details from CSV files under a provided folder path.

CsvMerger
A simple program to merge CSV files together.

CSVHeaderHunter
A C# program to recursively grab all CSV headers from a directory and output them to a CSV file.

MP3TagExtractor
A command-line application to extract (recursively, if needed) ID3 metadata from audio files.

DFIRSQLiteSchemas
A repo containing schemas of commonly used SQLite databases in everyday DFIR analysis.