Jérôme A.'s starred repositories
awesome-forensics
A curated list of awesome forensic analysis tools and resources
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
cargo-xbuild
Automatically cross-compiles the sysroot crates core, compiler_builtins, and alloc.
timesketch
Collaborative forensic timeline analysis
python-ntfs
Open source Python library for NTFS analysis
EventTranscriptParser
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
EventTranscript.db-Research
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Google-Analytic-Parser
Parses Google Analytics values from raw files such as RAM dumps, DD images, etc.
Chrome-Parse
Parse Chrome History and Downloads into TSV or TLN format
Office-Plist-Parser
Script to parse the recent documents from the MS Office plist file
Safari-Binary-Cookie-Parser
Script to parse Safari binary cookies from the Cookies.binarycookies file
OnionPeeler
Python script to batch query the Tor Relays and Bridges
AmcacheParser
Parses amcache.hve files, but with a twist!
RegistryExplorerBookmarks
Registry Explorer bookmark definitions
PowerForensics
PowerForensics provides an all-in-one platform for live disk forensic analysis
Azure-AD-Incident-Response-PowerShell-Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
thumbsviewer
Thumbs Viewer - Extract Windows Thumbs.db database files.