Stars
http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
The 2016 DFRWS Forensic Challenge seeks to advance the state-of-the-art in SDN forensics by focusing the community's attention on this emerging domain.
Command-line utility for multipattern search using liblightgrep
Automatically create iSCSI targets for all drives except for a boot device
Presentation Archives for my macOS and iOS Related Research
Memory acquisition for Linux that makes sense.
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Free hands-on digital forensics labs for students and faculty
A repository of DFIR-related Mind Maps geared towards the visual learners!
$MFT directory tree reconstruction & FILE record info
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
A python script developed to process Windows memory images based on triage type.
A proof-of-concept Android application to detect and defeat some of the Cellebrite UFED forensic toolkit extraction techniques.
Carves and recreates VSS catalog and store from Windows disk image.
Volatility plugin that extracts configuration data of known malware
This repository is a collection of EnScript code samples for use in the OpenText EnCase application.
Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Environment Block) and displays the collected information and…
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin dete…
Educational, CTF-styled labs for individuals interested in Memory Forensics
not the worst forensics regexp—this is not the primary repo; caveat programmer