PoorBillionaire

followers

0

following

stars

Adam Witt's starred repositories

dockerfiles

Various Dockerfiles I use on the desktop and on servers.

Language:DockerfileMIT13660 427 206

volatility

An advanced memory forensics framework

Language:PythonGPL-2.07198 309 739

flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Language:PowerShellApache-2.06389 199 505

suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

Language:CGPL-2.04476 1740

capa

The FLARE team's open-source tool to identify capabilities in executable files.

Language:PythonApache-2.04113 83 964

velociraptor

Digging Deeper....

Language:GoNOASSERTION2888 75 1136

sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

Language:C2578 184 557

go-audit

go-audit is an alternative to the auditd daemon that ships with many distros

Language:GoMIT1571 48 47

streamparse

Run Python in Apache Storm topologies. Pythonic API, CLI tooling, and a topology DSL.

Language:PythonApache-2.01490 103 327

speakeasy

Windows kernel and user mode emulation.

Language:PythonMIT1474 56 74

protocol

An ASCII Header Generator for Network Protocols

Language:PythonGPL-3.0780 18 5

unfurl

Extract and Visualize Data from URLs using Unfurl

Language:PythonApache-2.0600 23 82

python-registry

Pure Python parser for Windows Registry hives.

Language:PythonApache-2.0425 38 63

lmg

Script for automating Linux memory capture and analysis

Language:Shell263 29 6

libewf

Libewf is a library to access the Expert Witness Compression Format (EWF)

Language:CLGPL-3.0263 33 186

Registry

Full featured, offline Registry parser in C#

Language:C#MIT218 27 14

c-aff4

An AFF4 C++ implementation.

Language:C++Apache-2.0187 18 63

nsrllookup

Checks with NSRL RDS servers looking for for hash matches

Language:C++ISC111 13 11

hotoloti

documentation, scripts, tools related to Zena Forensics (http://blog.digital-forensics.it)

Language:Perl94 13 1

nsrlsvr

Language:C++ISC82 11 17

libscca

Library and tools to access the Windows Prefetch File (SCCA) format.

Language:CLGPL-3.071 10 11

python-rtkit

Python Api for Request Tracker's REST interface

Language:PythonNOASSERTION68 17 33

taco-bell-as-a-service

For maximizing efficiency on those Taco Bell trips

Language:GoMIT30 20

macOS-triage

macOS triage is a python script to collect various macOS logs, artifacts, and other data.

Language:PythonMIT25 90

CDPO

CDPO is a tool to validate, de-duplicate, combine, query, and encrypt track data recovered from a breach.

Language:PythonApache-2.015 20

mcurses

A curses like library that 'draws' in memory instead of stdout

Language:CMIT4 40

BupSummary

Gathers summary details from multiple McAfee antivirus quarantine (BUP) files

Language:PythonApache-2.03 3 1