Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
-
Updated
Jan 4, 2024 - Python
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
Collection of Event ID ressources useful for Digital Forensics and Incident Response
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
A curated list of KAPE-related resources
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
A tool designed to analyse email headers
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
Cryptocurrency Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
OverWatchINT is an Open Source Intelligence and All-in-One Hacking Tool. It's purpose is to reduce the time and efforts of security researchers and cyber experts.
Add a description, image, and links to the digitalforensics topic page so that developers can more easily learn about it.
To associate your repository with the digitalforensics topic, visit your repo's landing page and select "manage topics."