Ryan Jones's repositories
APOLLO
Apple Pattern of Life Lazy Output'er
ArtifactExtractor
Extract common Windows artifacts from source images and VSCs
avml
AVML - Acquire Volatile Memory for Linux
commando-vm
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution.
cs-bro
Bro scripts written by CrowdStrike Services
yara
various yara things
Forensics
Scripts and code referenced in CrowdStrike blog posts
LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
openioc_scan
openioc_scan Volatility Framework plugin
RegRipper2.8
RegRipper version 2.8
ryanmjones.github.io
Trying some stuff out
sleuthkit
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
stocksight
Stock market analyzer and predictor using Elasticsearch, Twitter, News headlines and Python natural language processing and sentiment analysis
SwishDbgExt
Incident Response & Digital Forensics Debugging Extension
volatility
An advanced memory forensics framework
volatility3
Volatility 3.0 development