Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
☆196Feb 16, 2023Updated 3 years ago
Alternatives and similar repositories for WindowsTimeline
Users that are interested in WindowsTimeline are comparing it to the libraries listed below
Sorting:
- Win 10/11 related research☆198Dec 19, 2023Updated 2 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's☆64Dec 18, 2024Updated last year
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- A curated list of KAPE-related resources☆182May 1, 2025Updated 10 months ago
- ☆170Aug 22, 2023Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives☆107Feb 8, 2026Updated 2 weeks ago
- PowerShell module for Office 365 and Azure log collection☆279Sep 22, 2025Updated 5 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- ☆24Mar 12, 2025Updated 11 months ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆129Jan 31, 2022Updated 4 years ago
- An NTFS/FAT parser for digital forensics & incident response☆217Oct 31, 2025Updated 4 months ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Forensic Artifact Collection Tool for macOS☆118Jul 28, 2025Updated 7 months ago
- $MFT directory tree reconstruction & FILE record info☆326Oct 7, 2024Updated last year
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆44Feb 21, 2026Updated last week
- A tool for fetching DFIR and other GitHub tools.☆25Aug 2, 2025Updated 6 months ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Windows.EDB Browser☆60Mar 6, 2023Updated 2 years ago
- ☆152Jun 5, 2024Updated last year
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆646Nov 7, 2025Updated 3 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆36Jul 11, 2023Updated 2 years ago
- Vehicle Logs Events And Properties Parser☆92Sep 27, 2025Updated 5 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 2 months ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆208Mar 12, 2025Updated 11 months ago
- Artifact collection tool for *nix systems☆212Mar 20, 2024Updated last year
- Library of threat hunts to get any user started!☆49Sep 4, 2020Updated 5 years ago
- Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.☆27Dec 1, 2022Updated 3 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 3 years ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆89Aug 29, 2023Updated 2 years ago
- OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat a…☆229Jan 6, 2026Updated last month
- Various Topics☆18Apr 30, 2025Updated 10 months ago