Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
☆196Feb 16, 2023Updated 3 years ago
Alternatives and similar repositories for WindowsTimeline
Users that are interested in WindowsTimeline are comparing it to the libraries listed below
Sorting:
- Win 10/11 related research☆198Dec 19, 2023Updated 2 years ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 3 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆64Dec 18, 2024Updated last year
- ☆24Mar 12, 2025Updated last year
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- A curated list of KAPE-related resources☆184May 1, 2025Updated 10 months ago
- Windows.EDB Browser☆60Mar 6, 2023Updated 3 years ago
- Parses USB connection artifacts from offline Registry hives☆107Feb 8, 2026Updated last month
- MS Word (DOCx) Parsing Tool☆25Updated this week
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Various Topics☆18Apr 30, 2025Updated 10 months ago
- ☆170Aug 22, 2023Updated 2 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆45Mar 13, 2026Updated last week
- $MFT directory tree reconstruction & FILE record info☆325Oct 7, 2024Updated last year
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response☆223Oct 31, 2025Updated 4 months ago
- Script to process PDF files☆21May 23, 2025Updated 9 months ago
- Forensic Artifact Collection Tool for macOS☆118Jul 28, 2025Updated 7 months ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆129Jan 31, 2022Updated 4 years ago
- A tool for fetching DFIR and other GitHub tools.☆26Aug 2, 2025Updated 7 months ago
- PowerShell module for Office 365 and Azure log collection☆280Sep 22, 2025Updated 5 months ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆229Jan 6, 2026Updated 2 months ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 4 years ago
- Search Index Database Reporter☆131Oct 28, 2025Updated 4 months ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆648Nov 7, 2025Updated 4 months ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- mister-skinnylegs is an open plugin framework for parsing website/webapp artifacts in browser data. It currently provides a command line …☆19Nov 14, 2025Updated 4 months ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆44Jul 18, 2022Updated 3 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- A DFIR tool to collect artifacts on macOS☆56Mar 1, 2020Updated 6 years ago
- DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based o…☆88Dec 20, 2024Updated last year
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.☆27Dec 1, 2022Updated 3 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- SQLite queries☆85Mar 8, 2023Updated 3 years ago
- Vehicle Logs Events And Properties Parser☆92Sep 27, 2025Updated 5 months ago