Tools for DFIR
☆121Jan 25, 2018Updated 8 years ago
Alternatives and similar repositories for ForensicsTools
Users that are interested in ForensicsTools are comparing it to the libraries listed below
Sorting:
- Golang Parser for Microsoft Event Logs☆107Nov 7, 2025Updated 4 months ago
- ☆17Sep 15, 2017Updated 8 years ago
- Kaspersky's GReAT KLara☆733Jul 24, 2024Updated last year
- Tools for parsing Forensic images☆41Dec 14, 2018Updated 7 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆219Jul 17, 2020Updated 5 years ago
- Yet another registry parser☆137Apr 15, 2022Updated 3 years ago
- Server for receiving autorun data from the clients☆13Sep 26, 2017Updated 8 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 6 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- ☆23Jun 11, 2024Updated last year
- A sort of a toolkit to decrypt Dropbox Windows DBX files☆32Apr 30, 2017Updated 8 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆119Nov 6, 2020Updated 5 years ago
- Quick & Dirty DFIR scripts developed by Ebryx DFIR team to keep handy during field assignment☆14Jan 7, 2026Updated 2 months ago
- An NTFS/FAT parser for digital forensics & incident response☆223Oct 31, 2025Updated 4 months ago
- Automated Memory Forensic☆34Jul 18, 2018Updated 7 years ago
- 1-Click push forensics evidence to the cloud☆144Updated this week
- Registry Miner☆14Apr 10, 2018Updated 7 years ago
- Various scrips☆12Oct 19, 2022Updated 3 years ago
- Various snippets created during malware analysis☆22Apr 29, 2018Updated 7 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Mar 16, 2018Updated 8 years ago
- ☆52Sep 17, 2018Updated 7 years ago
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated 2 months ago
- ☆349Mar 19, 2021Updated 5 years ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)☆196Feb 16, 2023Updated 3 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆45Mar 13, 2026Updated last week
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- Extract common Windows artifacts from source images and VSCs☆65May 10, 2021Updated 4 years ago
- Published Articles of the Past (trying to be as complete as possible)☆15Jan 20, 2021Updated 5 years ago
- SQL scripts for querying event logs☆21Jul 12, 2017Updated 8 years ago
- Binary commandline executable to parse ETL files☆69Jun 7, 2018Updated 7 years ago
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Nov 19, 2021Updated 4 years ago
- A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.☆737Jun 5, 2025Updated 9 months ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆42Apr 23, 2020Updated 5 years ago
- A Golang Registry parser☆19Feb 3, 2025Updated last year
- Scripts and code referenced in CrowdStrike blog posts☆339Nov 13, 2019Updated 6 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,427Nov 16, 2023Updated 2 years ago
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 7 years ago
- A DFVFS Backed Forensic Viewer☆42Apr 13, 2020Updated 5 years ago