Forensics

Uncover the dirty little secrets of a recovered HDD, Image, malware, and more.


Blockchain

| Tool | Description |
|---|---|
| Orbit | Blockchain transactions investigation tool. |

Browser

| Tool | Description |
|---|---|
| Hindsight | Web browser forensics for Google Chrome/Chromium. |

Disk Images

| Tool | Description |
|---|---|
| AFFLIBv3 | AFF is an open and extensible file format to store disk images and associated metadata. |
| Autopsy | A digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. |
| DMG2IMG | DMG2IMG is a tool which allows converting Apple compressed dmg archives to standard (hfsplus) disk image files. |

Mobile

| Tool | Description |
|---|---|
| Andriller | Performs read-only, forensically sound, non-destructive acquisition from Android devices. |

Scripts

| Tool | Description |
|---|---|
| DissectingMalwa.re Lab | Download/setup script for malware analysis/software reverse engineering. |

SQL

| Tool | Description |
|---|---|
| DFIR SQL Query | Download/setup script for malware analysis/software reverse engineering. |

Tools

| Tool | Description |
|---|---|
| Beagle | Digital forensics tool which transforms security logs and data into graphs. |

Windows

| Tool | Description |
|---|---|
| AmcacheParser | Parses amcache.hve files, but with a twist. |
| AppCompatCacheParser | AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10. |
| Auditpol | Displays information about and performs functions to manipulate audit policies. |
| EvtxECmd | C#-based evtx parser with lots of extras. |
| ExtensionBlocks | Extension blocks as found in ShellBags and other places in the Registry. |
| iisGeolocate | Geolocates IP addresses in IIS logs. |
| JLECmd | Automatic and Custom Destinations jump list parser with Windows 10 support. |
| KAPE Files | This repository serves as a place for community-created Targets and Modules for use with KAPE. |
| LECmd | Lnk Explorer Command line edition! |
| Lnk | Lnk file parser. |
| MFT | MFT parser. |
| MFTECmd | Parses $MFT from NTFS file systems. |
| OleCF | Library to process the OLE compound file format. |
| PECmd | Prefetch Explorer Command Line. |
| Prefetch | Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10. |
| RBCmd | Recycle Bin artifact parser. |
| Registry | Full-featured, offline Registry parser in C#. |
| Registry Explorer Bookmarks | Registry Explorer bookmark definitions. |
| SDB | Parse Microsoft shim databases. |
| SQLECmd | This repo contains all the Maps used by Eric Zimmerman's SQLECmd. |
| SrumECmd | SRUM parser. |
| SumECmd | Process Microsoft User Access Logs. |
| TLEFilePlugins | Plugins for parsing CSV files in Timeline Explorer. |
| USBDevices | Get USB devices from Registry hives. |
| VSCMount | Mount VSCs with ease! |
| WinSearchDBAnalyzer | Parse normal records and recover deleted records in Windows.edb. |
| WxTCmd | Parser for the Windows 10 Timeline feature database. |