PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts
Collection of Event ID resources useful for Digital Forensics and Incident Response
A repository of DFIR-related Mind Maps geared towards the visual learners!
A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
A curated list of KAPE-related resources
The Toy Story Police Department (TSPD) is investigating a series of kidnappings. Baby stuffed animals are being kidnapped from their homes and sold on the international stuffed slave market. Sherif...
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with...
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!