KasperskyLab/ForensicsTools external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

KasperskyLab/ForensicsTools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/KasperskyLab/ForensicsTools)

Close

KasperskyLab / ForensicsToolsView on GitHubMore

• External links
• Readme badge

Tools for DFIR

☆123Jan 25, 2018Updated 8 years ago

Alternatives and similar repositories for ForensicsTools

Users that are interested in ForensicsTools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Velocidex / evtx

  View on GitHub
  Golang Parser for Microsoft Event Logs
  ☆109Nov 7, 2025Updated 5 months ago
• KasperskyLab / Articles

  View on GitHub
  ☆17Sep 15, 2017Updated 8 years ago
• KasperskyLab / klara

  View on GitHub
  Kaspersky's GReAT KLara
  ☆733Jul 24, 2024Updated last year
• grayfold3d / POSH-Triage

  View on GitHub
  Tools for parsing Forensic images
  ☆41Dec 14, 2018Updated 7 years ago
• gleeda / memtriage

  View on GitHub
  Allows you to quickly query a Windows machine for RAM artifacts
  ☆219Jul 17, 2020Updated 5 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• msuhanov / yarp

  View on GitHub
  Yet another registry parser
  ☆137Apr 15, 2022Updated 4 years ago
• bsi-group / autorun-logger-server

  View on GitHub
  Server for receiving autorun data from the clients
  ☆13Sep 26, 2017Updated 8 years ago
• daguy666 / Transit

  View on GitHub
  MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.
  ☆20Feb 20, 2020Updated 6 years ago
• dfirfpi / decwindbx

  View on GitHub
  A sort of a toolkit to decrypt Dropbox Windows DBX files
  ☆32Apr 30, 2017Updated 8 years ago
• KasperskyLab / bitscout

  View on GitHub
  ☆23Jun 11, 2024Updated last year
• dgunter / evtxtoelk

  View on GitHub
  A lightweight tool to load Windows Event Log evtx files into Elasticsearch.
  ☆119Nov 6, 2020Updated 5 years ago
• EbryxLabs / __DFIR-scripts

  View on GitHub
  Quick & Dirty DFIR scripts developed by Ebryx DFIR team to keep handy during field assignment
  ☆14Jan 7, 2026Updated 3 months ago
• kacos2000 / Win10LiveInfo

  View on GitHub
  Windows 10 Live Information viewer
  ☆39Jan 27, 2022Updated 4 years ago
• msuhanov / dfir_ntfs

  View on GitHub
  An NTFS/FAT parser for digital forensics & incident response
  ☆230Oct 31, 2025Updated 6 months ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• virtualrealitysystems / aumfor

  View on GitHub
  Automated Memory Forensic
  ☆34Jul 18, 2018Updated 7 years ago
• google / GiftStick

  View on GitHub
  1-Click push forensics evidence to the cloud
  ☆145Mar 18, 2026Updated last month
• msuhanov / registry-miner

  View on GitHub
  Registry Miner
  ☆14Apr 10, 2018Updated 8 years ago
• binglot / misc

  View on GitHub
  Various scrips
  ☆12Oct 19, 2022Updated 3 years ago
• JR0driguezB / malware_analysis

  View on GitHub
  Various snippets created during malware analysis
  ☆22Apr 29, 2018Updated 8 years ago
• zerber0s / mac_int

  View on GitHub
  macOS Artifact Intelligence Tool
  ☆13Apr 30, 2019Updated 6 years ago
• nccgroup / Royal_APT

  View on GitHub
  Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
  ☆53Mar 16, 2018Updated 8 years ago
• matthastings / PSalander

  View on GitHub
  ☆52Sep 17, 2018Updated 7 years ago
• truekonrads / kpulp

  View on GitHub
  Konrads' Pen-Ultimate (Windows) Log File Parser
  ☆14Dec 27, 2025Updated 4 months ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆350Mar 19, 2021Updated 5 years ago
• kacos2000 / WindowsTimeline

  View on GitHub
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆196Feb 16, 2023Updated 3 years ago
• kacos2000 / Jumplist-Browser

  View on GitHub
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆47Apr 4, 2026Updated 3 weeks ago
• JohnLaTwC / PyPowerShellXray

  View on GitHub
  Python script to decode common encoded PowerShell scripts
  ☆216Jun 13, 2018Updated 7 years ago
• Silv3rHorn / ArtifactExtractor

  View on GitHub
  Extract common Windows artifacts from source images and VSCs
  ☆65May 10, 2021Updated 4 years ago
• rrbranco / Articles

  View on GitHub
  Published Articles of the Past (trying to be as complete as possible)
  ☆15Jan 20, 2021Updated 5 years ago
• nettitude / logparser

  View on GitHub
  SQL scripts for querying event logs
  ☆21Jul 12, 2017Updated 8 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• tedsmith / NSRL-Stripper

  View on GitHub
  A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database
  ☆14Nov 19, 2021Updated 4 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• MarkBaggett / srum-dump

  View on GitHub
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆743Jun 5, 2025Updated 10 months ago
• 4n6ist / bulk_extractor-rec

  View on GitHub
  It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving
  ☆42Apr 23, 2020Updated 6 years ago
• CrowdStrike / Forensics

  View on GitHub
  Scripts and code referenced in CrowdStrike blog posts
  ☆340Nov 13, 2019Updated 6 years ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,431Nov 16, 2023Updated 2 years ago
• MatthewClarkMay / fTriage

  View on GitHub
  Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  ☆21Mar 12, 2019Updated 7 years ago
• forensicmatt / PancakeViewer

  View on GitHub
  A DFVFS Backed Forensic Viewer
  ☆42Apr 13, 2020Updated 6 years ago
• bstelte / thurstan

  View on GitHub
  Simple Distributed IOC Scanner
  ☆12Jul 27, 2015Updated 10 years ago