harelsegev / prefetch-hash-crackerView external linksLinks
A small util to brute-force prefetch hashes
☆77Jun 24, 2022Updated 3 years ago
Alternatives and similar repositories for prefetch-hash-cracker
Users that are interested in prefetch-hash-cracker are comparing it to the libraries listed below
Sorting:
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 3 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Carve file metadata from NTFS index ($I30) attributes☆70Feb 3, 2024Updated 2 years ago
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …☆20Jul 18, 2023Updated 2 years ago
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- ☆24Mar 12, 2025Updated 11 months ago
- A password list optimized for use on Android devices.☆11Jul 2, 2022Updated 3 years ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆12Aug 26, 2024Updated last year
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and…☆11Jun 19, 2025Updated 7 months ago
- Search datasets for Bitlocker recovery files and triage live systems for Bitlocker keys.☆51Jan 26, 2025Updated last year
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆27Jan 2, 2023Updated 3 years ago
- ☆21May 8, 2022Updated 3 years ago
- Automatic, fast parsing of browser artifacts☆17Jan 4, 2025Updated last year
- Hunt for SQLite files used by various applications☆28Jan 31, 2026Updated 2 weeks ago
- USN Journal full path builder☆65Sep 16, 2024Updated last year
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆17Aug 31, 2024Updated last year
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Nov 23, 2022Updated 3 years ago
- Windows Forensics Salt States☆20Feb 7, 2026Updated last week
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆228Jan 6, 2026Updated last month
- Search Index Database Reporter☆131Oct 28, 2025Updated 3 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆55Jul 2, 2023Updated 2 years ago
- Python web app for previewing data in a Chrome Profile Folder☆23Jul 1, 2024Updated last year
- ☆18Mar 26, 2024Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆694Oct 22, 2025Updated 3 months ago
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html☆127Jul 20, 2024Updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆59Jun 24, 2025Updated 7 months ago
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- Tool for analyzing SAP Secure Network Communications (SNC).☆57Apr 16, 2024Updated last year
- A Python script that gathers all valid IP addresses from all text files from a directory, and checks them against Whois database, TOR rel…☆29Jun 27, 2022Updated 3 years ago
- A tool for fetching DFIR and other GitHub tools.☆25Aug 2, 2025Updated 6 months ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆117Nov 28, 2023Updated 2 years ago
- /ˈhäjˌpäj/ "a confused mixture."☆13Updated this week
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files.☆11Jun 21, 2025Updated 7 months ago
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 2 years ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts☆78Oct 20, 2025Updated 3 months ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆27Jul 27, 2022Updated 3 years ago
- A hex viewer for the sleuths!☆20Nov 7, 2025Updated 3 months ago