EricZimmerman / Get-ZimmermanTools
Get all my software
☆135 (updated last week)
Related projects:
- Software downloads (☆89, updated last week)
- A curated list of KAPE-related resources (☆154, updated 4 months ago)
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… (☆53, updated last year)
- This is a set of tools for doing forensics analysis on Microsoft ESE databases. (☆123, updated 2 years ago)
- Documentation repository (☆42, updated 3 weeks ago)
- Windows Forensics Environment Builder (☆106, updated 3 months ago)
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … (☆139, updated 2 months ago)
- Search Index Database Reporter (☆87, updated last year)
- Command line access to the Registry (☆123, updated 2 weeks ago)
- Cast is an installer for any compatible Saltstack based distribution like SIFT or REMnux (☆99, updated this week)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆90, updated 11 months ago)
- ATT&CK Remote Threat Hunting Incident Response (☆196, updated 5 years ago)
- Scripts to facilitate filtering with Plaso (☆124, updated 4 years ago)
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub (☆62, updated last year)
- Repository of public reference frameworks for the DFIR community. (☆105, updated last year)
- Parses $MFT from NTFS file systems (☆183, updated this week)
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. (☆170, updated last month)
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆170, updated last week)
- A GeoIP lookup utility utilizing ipinfo.io services. (☆83, updated 9 months ago)
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. (☆84, updated last year)
- Automagically extract forensic timeline from volatile memory dump (☆123, updated 4 months ago)
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. (☆266, updated 3 weeks ago)
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file (☆74, updated 3 weeks ago)
- Digital Forensics Artifact Repository (forensicanalysis edition) (☆71, updated 7 months ago)
- "Evolving AppCompat/AmCache data analysis beyond grep" (☆192, updated 3 years ago)
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images (☆76, updated last year)
- Dump of organized knowledge on DFIR (☆132, updated 2 years ago)
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… (☆170, updated last month)