Th3Tul1p3

followers

following

stars

swiss

Jérôme A.'s starred repositories

RLEAPP

Returns Logs Events And Properties Parser

Language:PythonMIT9000

capa

The FLARE team's open-source tool to identify capabilities in executable files.

Language:PythonApache-2.0402300

WinPmem

The multi-platform memory acquisition tool.

Language:CApache-2.064700

ForensicPosters

awesome-forensics

A curated list of awesome forensic analysis tools and resources

CC0-1.0375400

MemProcFS-Analyzer

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Language:PowerShellGPL-3.043300

cargo-xbuild

Automatically cross-compiles the sysroot crates core, compiler_builtins, and alloc.

Language:RustApache-2.025700

BlueHound

BlueHound - pinpoint the security issues that actually matter

Language:TypeScriptApache-2.069500

timesketch

Collaborative forensic timeline analysis

Language:PythonApache-2.0254400

python-ntfs

Open source Python library for NTFS analysis

Language:PythonApache-2.07900

tscopy

Language:Python8800

EventTranscriptParser

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Language:PythonMIT6800

EventTranscript.db-Research

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

MIT3800

Google-Analytic-Parser

Parses for Google Analytic values in raw files like RAM, DD images etc.

Language:Python1700

mft-parse

Tool to parse the output of MFTDump.exe to bodyfile format

Language:Python1100

Chrome-Parse

Parse Chrome History and Downloads into TSV or TLN format

Language:Python1500

Office-Plist-Parser

Script to parse the recent documents from MS Office plist file

Language:Python500

Safari-Binary-Cookie-Parser

Script to parse Safari Binary Cookies from Cookies.binarycookies file

Language:Python3700

OnionPeeler

Python script to batch query the Tor Relays and Bridges

Language:Python3500

ntfs

An implementation of the NTFS filesystem in a Rust crate, usable from firmware level up to user-mode.

Language:RustApache-2.050500

AmcacheParser

Parses amcache.hve files, but with a twist!

Language:C#MIT11200

RawCopy

Commandline low level file extractor for NTFS

Language:AutoItNOASSERTION26900

RegistryExplorerBookmarks

Registry Explorer bookmark definitions

MIT4300

PowerForensics

PowerForensics provides an all in one platform for live disk forensic analysis

Language:C#MIT137300

NMapify

NMapify is a Python tool that creates mind maps to visualize network layouts using Nmap. It also generates test cases for each identified port to assist pentesters in conducting efficient network pentests.

Language:PythonMIT5100

rust-course

MIT11500

hindsight

Web browser forensics for Google Chrome/Chromium

Language:PythonApache-2.0104500

Azure-AD-Incident-Response-PowerShell-Module

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.

Language:PowerShellMIT40500

CyLR

CyLR - Live Response Collection Tool

Language:C#GPL-3.061400

thumbsviewer

Thumbs Viewer - Extract Windows Thumbs.db database files.

Language:C++9400