Digital Sleuth's repositories
familytreemaker
Generates a family tree graph from a simple text file
android-locdump
android location service cache dumper
apkinspector
APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
artifacts
Digital Forensics Artifact Repository
bingocards
A simple python class for generating bingo-cards
danderspritz-evtx
Parse evtx files and detect use of the DanderSpritz eventlogedit module
edge_decrypt
Simple console utility to read, deobfuscate and print out homepages for Microsoft Edge browser
ETLParser
Binary commandline executable to parse ETL files
f5-steganography
a python implement of f5 steganography
hashlnk
Utility to compute and apply a hash for "WinX" shortcuts
IRTriage
Incident Response Triage - Windows Evidence Collection for Forensic Analysis
linux-cisco
To be able to run linux on a Cisco Catalyst 2900XL.
Linux-write-blocker
The kernel patch and userspace tools to enable Linux software write blocking
mobileForensics
Scripts developed to help in mobile forensics investigations
nrs
NSIS Reversing Suite with IDA Plugins
ntdsxtract
Active Directory forensic framework
NtfsStreams
Viewing NTFS alternate streams in files
OpenLV
OpenLV helps first responders quickly and safely interact with potential evidence much as if they sat down and interacted with a suspect PC
orly-full-res
Full resolution images of the O RLY book covers made by The Practical Dev
OSX-QuickLook-Parser
Parse the Mac Quickook index.sqlite database
PowerForensics
PowerForensics provides an all in one platform for live disk forensic analysis
process-forest
Reconstruct process trees from event logs
pyshadowcopy
Python class to create, work with and delete volume shadow copies on Windows
shellbags
Cross-platform, open-source shellbag parser
ShowUI
ShowUI is a PowerShell module to help build graphical user interfaces in script.
Windows-Prefetch-Parser
Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files