AndrewRathbun

VanillaWindowsReference

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!

DFIRPowerShellScripts

Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!

DirectoryOpus-DFIRConfig

A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life easier with various file management tasks.

RAMDumpExplorer

An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values

DFIR-Triage-Collector

Rapid DFIR Triage Collection Tool For Windows, Mac and Linux

WinTools

A collection of free miscellaneous Windows tools

CSVFileDetailsExtractor

A simple tool to enumerate useful details from CSV files recursively from a provided folder path

iADForensics

iADForensics - ESE NTDS.DIT Database forensics framework

LikeNtfsWalker

ToyProject_Like NTFSwalker

PEExplorer

Portable Executable Explorer

RECmd

Command line access to the Registry

SQLECmd

This repository serves as a place for community created SQLECmd Maps for use with SQLECmd.

BinReveal

An updated fork of @MTJailed's BinReveal project. This is a project for analyzing files to find signatures or hidden files in a file

CsvMerger

A simple program to merge CSV files together.

DateDecoder

An updated fork of DateDecoder originally by @jacobsoo.

JumpList

MVT

PurpleSharp

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

RegistryPlugins

TLEFilePlugins

Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i,e. they get a Line #/tag column, layout support, searching, etc.)

GuidMapping

iisGeolocate

geolocate ip addresses in IIS logs

JLECmd

Automatic and Custom Destinations jump list parser with Windows 10 support

OleCf

Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does fine)

PECmd

Prefetch Explorer Command Line

RBCmd

Recycle bin artifact parser

Registry

Full featured, offline Registry parser in C#

Srum

Sum

WPF-Samples

Repository for WPF related samples