@bunsofwrath12 (Unit 42, Michigan)

EventLogMonitor (Public)
Forked from AbdulRhmanAlfaifi/EventLogMonitor
An updated fork of @AbdulRhmanAlfaifi's EventLogMonitor, which hooks into Windows Event Logs and displays new events as they are written to disk.

evtx (Public)
Forked from EricZimmerman/evtx
C# based evtx parser with lots of extras
C#, MIT License, updated Jul 28, 2025

Sync-EZTools (Public)
A short, focused PowerShell script that automates ensuring all instances of EZ Tools in a given path have updated ancillary files

KapeFiles (Public)
Forked from EricZimmerman/KapeFiles
This repository serves as a place for community-created Targets and Modules for use with KAPE.

RECmd (Public)
Forked from EricZimmerman/RECmd
Command line access to the Registry

KAPE-EZToolsAncillaryUpdater (Public)
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools

forensic-timeliner (Public)
Forked from acquiredsecurity/forensic-timeliner
C#, MIT License, updated Jun 3, 2025

SQLECmd (Public)
Forked from EricZimmerman/SQLECmd
This repository serves as a place for community-created SQLECmd Maps for use with SQLECmd.

Get-ZimmermanTools (Public)
Forked from EricZimmerman/Get-ZimmermanTools
Get all my software

WMI-Explorer (Public)
Forked from vinaypamnani/wmie2
An updated fork of @vinaypamnani's wmie2 project

Awesome-KAPE (Public)
A curated list of KAPE-related resources

EVTX-ETW-Resources (Public)
Forked from nasbench/EVTX-ETW-Resources
Event Tracing for Windows (ETW) Resources

xxUSBSentinel (Public)
Forked from thereisnotime/xxUSBSentinel
An updated fork of @thereisnotime's xxUSBSentinel, a Windows anti-forensics USB monitoring tool.

kapesaw (Public)
Forked from acquiredsecurity/kapesaw
KapeSaw is a modular PowerShell script for automated forensic collection and timelines
PowerShell, updated Apr 21, 2025

ForensicsTools (Public)
Forked from mesquidar/ForensicsTools
A list of free and open forensics analysis tools and other resources

WMIParserStr (Public)
Forked from ignacioj/WMIParserStr
An updated fork of @ignacioj's WMIParserStr project

DeckLog (Public)
Forked from dfirdetective/DeckLog
A simple method to log whatever you like to a CSV from your Stream Deck
Python, MIT License, updated Apr 3, 2025

DFIRArtifactMuseum (Public)
The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifa…

BinReveal (Public)
Forked from MTJailed/BinReveal
An updated fork of @MTJailed's BinReveal project. This is a project for analyzing files to find signatures or hidden files in a file

Walkthroughs (Public)
A repository of write-ups for various CTFs/training scenarios

hayabusa (Public)
Forked from Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Rust, GNU Affero General Public License v3.0, updated Feb 14, 2025

ToolFetcher (Public)
Forked from kev365/ToolFetcher
A tool for fetching DFIR and other GitHub tools.

Presentations (Public)
A repo of presentations for webinars/talks I've done
MIT License, updated Feb 10, 2025

ThreatHunting-Keywords (Public)
Forked from mthcht/ThreatHunting-Keywords
Awesome list of keywords and artifacts for Threat Hunting sessions
PowerShell, updated Feb 3, 2025

ericzimmerman.github.io (Public)
Forked from EricZimmerman/ericzimmerman.github.io
Software downloads

DirectoryOpus-DFIRConfig (Public)
A config file curated for DFIR examiners, with shortcuts to common Windows artifacts and settings enabled that make various file management tasks easier.

organize (Public)
Forked from tfeldmann/organize
The file management automation tool.

parseusbs (Public)
Forked from khyrenz/parseusbs
Parses USB connection artifacts from offline Registry hives
Python, GNU General Public License v3.0, updated Dec 10, 2024