Martin Willing's starred repositories
Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
KnockKnock
Enumerate persistently installed software
Netiquette
Network Monitor
MFT_Browser
$MFT directory tree reconstruction & FILE record info
WhatsYourSign
WhatsYourSign adds a menu item to Finder.app. Simply right- or control-click on any file to display its cryptographic signing information!
AuthLogParser
AuthLogParser is a powerful DFIR tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log
WindowsTimeline
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
OneNoteAnalyzer
A C# based tool for analysing malicious OneNote documents
TaskExplorer
Visually explore all running tasks (processes), viewing their signature status, loaded dylibs, open files, network connections, and much more.
Evtx_Log_Browser
Evtx Log (xml) Browser
Prefetch-Browser
Browse Windows Prefetch versions 17, 23, 26 and 30v1/2, plus some SuperFetch .7db/.db files
Jumplist-Browser
Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
zui-insiders
Releases for the Zui Insiders app.
macos-fseventsd
A library to parse macOS FsEvents
Invoke-SRUMDump
A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
PowerTriage
PowerTriage is a tool for SOCs and CERTs to capture a plethora of live data from remote computers