A high-speed forensic timeline engine for Windows forensic artifact CSV output, built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Tools), KAPE, Axiom, Hayabusa, Chainsaw and Nirsoft into a unified timeline.
☆309 · Feb 26, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for forensic-timeliner
Users that are interested in forensic-timeliner are comparing it to the libraries listed below.
- A tool for fetching DFIR and other GitHub tools. ☆26 · Aug 2, 2025 · Updated 7 months ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. ☆107 · Mar 12, 2026 · Updated last week
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated last month
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! ☆51 · Jan 9, 2026 · Updated 2 months ago
- macOS forensic acquisition made simple ☆234 · Mar 6, 2026 · Updated 2 weeks ago
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated last year
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE ☆180 · Jan 20, 2026 · Updated 2 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆581 · Dec 6, 2025 · Updated 3 months ago
- Quick ESXi Log Parser ☆30 · Oct 20, 2025 · Updated 5 months ago
- A curated list of KAPE-related resources ☆184 · May 1, 2025 · Updated 10 months ago
- USN Journal full path builder ☆67 · Sep 16, 2024 · Updated last year
- /ˈhäjˌpäj/ "a confused mixture." ☆13 · Mar 17, 2026 · Updated last week
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆476 · Oct 29, 2025 · Updated 4 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a… ☆229 · Jan 6, 2026 · Updated 2 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. ☆117 · Jan 26, 2022 · Updated 4 years ago
- Search Index Database Reporter ☆131 · Oct 28, 2025 · Updated 4 months ago
- Hunt for SQLite files used by various applications ☆30 · Mar 1, 2026 · Updated 3 weeks ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Feb 22, 2025 · Updated last year
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,263 · Mar 14, 2026 · Updated last week
- Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys. ☆52 · Jan 26, 2025 · Updated last year
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆340 · Dec 3, 2025 · Updated 3 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆776 · Mar 3, 2026 · Updated 3 weeks ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆120 · Oct 8, 2023 · Updated 2 years ago
- Harness the power of Splunk for your investigations ☆158 · Oct 11, 2025 · Updated 5 months ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata. ☆20 · May 9, 2025 · Updated 10 months ago
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files. ☆11 · Jun 21, 2025 · Updated 9 months ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365 ☆24 · Oct 9, 2024 · Updated last year
- A preconfigured Velociraptor triage collector ☆76 · Mar 2, 2026 · Updated 3 weeks ago
- This repository serves as a place for community created Targets and Modules for use with KAPE. ☆824 · Mar 12, 2026 · Updated last week
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images. ☆207 · Nov 12, 2025 · Updated 4 months ago
- Parse and analyze a Windows Amcache.hve registry hive, VirusTotal integration. ☆111 · Aug 12, 2025 · Updated 7 months ago
- Beginners Guide to Hunting for Threats ☆18 · Apr 26, 2025 · Updated 10 months ago
- A simple Python script to generate nested folders based on user input. The script will also name and place a template report document and… ☆11 · Jun 19, 2025 · Updated 9 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆454 · Feb 18, 2026 · Updated last month
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆162 · Apr 6, 2025 · Updated 11 months ago
- Tools for Incident Response and Malware Analysis ☆11 · Feb 9, 2025 · Updated last year