A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Tools) Kape, Axiom, Hayabusa, Chainsaw and Nirsoft into a unified timeline.
☆327 · Feb 26, 2026 · Updated 3 months ago
Alternatives and similar repositories for forensic-timeliner
Users that are interested in forensic-timeliner are comparing it to the libraries listed below.
- A tool for fetching DFIR and other GitHub tools. ☆29 · Aug 2, 2025 · Updated 10 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆108 · Mar 12, 2026 · Updated 3 months ago
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated 4 months ago
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆53 · Jan 9, 2026 · Updated 5 months ago
- macOS forensic acquisition made simple ☆278 · Jun 2, 2026 · Updated last week
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆630 · Jun 3, 2026 · Updated last week
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated 2 years ago
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE ☆201 · Apr 1, 2026 · Updated 2 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. ☆118 · Jan 26, 2022 · Updated 4 years ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,375 · May 28, 2026 · Updated 2 weeks ago
- Quick ESXi Log Parser ☆33 · Oct 20, 2025 · Updated 7 months ago
- USN Journal full path builder ☆69 · Apr 16, 2026 · Updated last month
- A curated list of KAPE-related resources ☆188 · May 1, 2025 · Updated last year
- /ˈhäjˌpäj/ "a confused mixture." ☆15 · Jun 1, 2026 · Updated last week
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… ☆232 · Jan 6, 2026 · Updated 5 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆484 · Oct 29, 2025 · Updated 7 months ago
- Search Index Database Reporter ☆136 · Oct 28, 2025 · Updated 7 months ago
- Hunt for SQLite files used by various applications ☆31 · Mar 1, 2026 · Updated 3 months ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Feb 22, 2025 · Updated last year
- Harness the power of Splunk for your investigations ☆166 · Oct 11, 2025 · Updated 8 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆340 · Dec 3, 2025 · Updated 6 months ago
- KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Micro… ☆157 · Apr 1, 2026 · Updated 2 months ago
- Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys. ☆56 · Jan 26, 2025 · Updated last year
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆820 · Updated this week
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆122 · Oct 8, 2023 · Updated 2 years ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata. ☆20 · May 9, 2025 · Updated last year
- Rapidly Search and Hunt through Linux Forensics Artifacts ☆213 · Mar 9, 2026 · Updated 3 months ago
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files. ☆11 · Jun 21, 2025 · Updated 11 months ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 ☆24 · Oct 9, 2024 · Updated last year
- AI-powered cybersecurity attack flow visualization tool using MITRE ATT&CK ☆217 · Mar 4, 2026 · Updated 3 months ago
- A preconfigured Velociraptor triage collector ☆77 · Jun 4, 2026 · Updated last week
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆822 · May 30, 2026 · Updated 2 weeks ago
- This repository serves as a place for community created Targets and Modules for use with KAPE. ☆846 · Jun 3, 2026 · Updated last week
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,201 · Jun 7, 2026 · Updated last week
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images. ☆209 · Nov 12, 2025 · Updated 7 months ago
- Parse and analyze a Windows Amcache.hve registry hive, VirusTotal integration. ☆112 · Aug 12, 2025 · Updated 10 months ago
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and… ☆12 · May 6, 2026 · Updated last month