dfirlabs / ntfs-specimens
NTFS file system specimens
☆14Updated last year
Related projects ⓘ
Alternatives and complementary repositories for ntfs-specimens
- Just Another broken Registry Parser (JARP)☆16Updated 5 months ago
- ☆19Updated last year
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆13Updated 8 months ago
- ☆10Updated 11 months ago
- A DFVFS Backed Forensic Viewer☆39Updated 4 years ago
- macOS Artifact Intelligence Tool☆13Updated 5 years ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆25Updated 2 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- Forensic cheatsheets for use with cheat☆15Updated 2 years ago
- Miscellaneous Scripts☆17Updated 4 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆10Updated 2 months ago
- Google Filestream Forensic Tool☆16Updated 2 years ago
- Collection of scripts used to analyse malware or emails☆19Updated 4 years ago
- Python web app for previewing data in a Chrome Profile Folder☆16Updated 4 months ago
- ☆17Updated 2 months ago
- Yara rules☆19Updated last year
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆13Updated 3 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- Scans through registry hives outputting entropy values for key/values, dumps binary contents to files...we are looking for those "fileles…☆11Updated 5 years ago
- Can you pay the ransom in your country?☆13Updated 10 months ago
- ☆24Updated 2 years ago
- Git for me to put all my forensics stuff☆21Updated 2 months ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆22Updated 9 months ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆56Updated last year
- Parser for Sdba memory pool tags☆17Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆35Updated last year
- volatility-runner is a command line application designed to speed up memory forensics using the volatility framework, primarily for insta…☆11Updated 5 years ago