Rapidly Search and Hunt through Windows Forensic Artefacts

Impacket is a collection of Python classes for working with network protocols.

Tricks for penetration testing

Best Practice Auditd Configuration

Tracking history of USB events on GNU/Linux

A Powershell incident response framework

Windows Events Attack Samples

Finds event logs between two time points. Useful for helpdesk/support/malware analysis.

CyLR - Live Response Collection Tool

Scripts to facilitate filtering with Plaso

A fast and clever hex editor for macOS

Configuration files for the SOF-ELK VM

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Ephemera and other documentation associated with the 1337list project.

Scripts for MacOS related tasks.

A tool for studying JavaScript malware.

RDP Bitmap Cache parser

E-Mail Header Analyzer

Parses IE's Automatic Crash Recovery Files

Super timeline all the things

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats.

CLI tool to manage a SIFT Install

AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10

PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those fil…

A black hole for Internet advertisements

Command line tool for Amazon Route 53

Fetches system/theme information in terminal for Linux desktop screenshots.

An advanced memory forensics framework