lxndrblz / forensicsim
A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and reactions from a Microsoft Teams IndexedDB LevelDB database.
☆76Updated 4 months ago
Related projects ⓘ
Alternatives and complementary repositories for forensicsim
- DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based o…☆74Updated last month
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆67Updated last year
- Baseline a Windows System against LOLBAS☆25Updated 6 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆89Updated last year
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆49Updated last year
- A C# based tool for analysing malicious OneNote documents☆107Updated last year
- Recycle bin artifact parser☆36Updated 2 months ago
- Digital Forensics Artifacts Knowledge Base☆75Updated 6 months ago
- Forensic Artifact Collection Tool Matrix☆75Updated 2 weeks ago
- Simple PowerShell script to enable process scanning with Yara.☆90Updated 2 years ago
- ESXi Cyber Security Incident Response Script☆20Updated 2 months ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆62Updated 2 years ago
- Linux Baseline and Forensic Triage Tool - BETA☆50Updated 2 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- ReWrite of AChoir in Go for Cross Platform☆35Updated last week
- A zero dependency and customizable Python library for scanning Windows and Linux process memory.☆63Updated 9 months ago
- ☆57Updated 3 weeks ago
- USN Journal full path builder☆36Updated 2 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub☆64Updated last year
- Logbook for Digital Forensics and Incident Response☆49Updated 4 months ago
- BlackBerry Threat Research & Intelligence☆93Updated last year
- Parses USB connection artifacts from offline Registry hives☆74Updated last week
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.☆148Updated 6 months ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆79Updated 3 months ago
- Contains compiled binaries of Volatility☆29Updated last month
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆109Updated 2 years ago
- Initial triage of Windows Event logs☆89Updated 5 months ago
- Remote access and Antivirus Logging Database☆41Updated 6 months ago
- An exercise to practice deobfuscating PowerShell Scripts.☆28Updated last year
- Detection Engineering with YARA☆85Updated 10 months ago