ezaspy

elrond

Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.

MITRESaw

Obtain actionable identifiers from MITRE ATT&CK framework based on provided parameters.

oscybershop

A simple collection of free and affordable cyber security resources...

bruce

Python script for outputting PCAPs as JSON as well as extracting attachments within the traffic stream

evt2json

Convert EVT and EVTX files to JSON for easier SIEM tool ingestion

ezaspy

gandalf

Collection of acquisition scripts for collecting digital forensic artefacts

apfs-fuse

FUSE driver for APFS (Apple File System)

avml

AVML - Acquire Volatile Memory for Linux

Best-README-Template

An awesome README template to jumpstart your projects!

dwarf2json

convert ELF/DWARF symbol and type information into vol3's intermediate JSON

etl-parser

Event Trace Log file parser in pure Python

KStrike

Stand-alone parser for User Access Logging from Server 2012 and newer systems

lme

Logging Made Easy

LOOBins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.

markdown-snippets

:clipboard: Markdown snippets for your documentation files.

profiles

Volatility profiles for Linux and Mac OS X

python-evtx

Pure Python parser for recent Windows Event Log files (.evtx)

rdap

RDAP command line client

srum-dump

A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.

template

Template python repository

theredactor

Python script to redact Personally Identifiable Information from selection of common files.

volatility

An advanced memory forensics framework

Windows-Symbol-Tables

Windows symbol tables for Volatility 3

WMI_Forensics