hiddenillusion

AnalyzePE

Wraps around various tools and provides some additional checks/information to produce a centralized report of a PE file.

AnalyzePDF

Tool to help analyze PDF files

IPinfo

Searches various online resources to try and get as much info about an IP/domain as possible.

NoMoreXOR

Tool to help guess a files 256 byte XOR key by using frequency analysis

IR

Some dfir stuff

FileLookup

Quick & dirty script to get info on a file from online resources (VirusTotal, Team Cymru, Shadow Server etc.)

yara-goodies

Useful scripts, rules etc. for use with YARA

useful-scripts

hiddenillusion.github.io

Repo for https://hiddenillusion.github.io

bmc-tools

RDP Bitmap Cache parser

creddump7

ES-stuff

some elastic search stuff

example-code

Some things I found useful along the way

timesketch

Collaborative forensics timeline analysis

volatility-foo

appcompatprocessor

"Evolving AppCompat/AmCache data analysis beyond grep"

cloud-forensics-utils

Python library to carry out DFIR analysis on the Cloud

community

Volatility plugins developed and maintained by the community

EventMonkey

A Windows Event Processing Utility

INDXParse

Tool suite for inspecting NTFS artifacts.

knockknock

Who's there?

LfLe

Recover event log entries from an image by heurisitically looking for record structures.

liblightgrep

not the worst forensics regexp engine

process-forest

Reconstruct process trees from event logs

pylzma

Python bindings for the LZMA library

registrydecoder

This is a copy of the Registry Decoder repository from Google Code.

volatility

An advanced memory forensics framework

volatility-autoruns

Autoruns plugin for the Volatility framework

Volatility-Plugins

volatility-plugins-1

Plugins I've written for Volatility