Beercow

OneDriveExplorer

OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous file.

SEPparser

Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.

ProcDOT-Plugins

Plugins to add funtionality to ProcDOT. http://www.procdot.com

walitean

KAPE-Automation

Surge-collect

Script for deploying surge-collect on Windows

WEF

Various WEF information

Logparser-Studio-SIRT-Query

autotimeliner

Automagically extract forensic timeline from volatile memory dump

Azure-App-IDs

Curated list of well-known app ids

scripts

WMI_Forensics

alerting-detection-strategy-framework

A framework for developing alerting and detection strategies for incident response.

BackstageParser

Backstage Parser

darcula.nbm

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

LP_KNFE

manuf

Parser library for Wireshark's OUI database.

misc-scripts

misc scripts

NBDServer

Network Block Device Server for windows with a DFIR/forensic focus.

NPP-UDL

Syntax highlighting for email files

ODEFiles

OneDrive

OneDrive log .ODL reader

plaso_filters

Scripts to facilitate filtering with Plaso

pysddl

Automatically exported from code.google.com/p/pysddl

quarantine-formats

Documentation and parsers for different anti-virus quarantine formats.

sec-vault-gen

Python utility to generate filesystem content for Obsidian.

tnefparse

a TNEF decoding library written in python, without external dependencies

VeraCrypt

Disk encryption with strong security based on TrueCrypt

windows-event-forwarding

A repository for using windows event forwarding for incident detection and response