timesketch-elasticsearch-dfir-queries

This repo is a collection of queries I have collected or created while working on DFIR-related projects that have timeline data in Timesketch or ELK. Feel free to create a Pull Request if you want to add to this repo, or just grab what you need.