digitalforensics

Digital Forensics Guide

A repository of DFIR-related Mind Maps geared towards the visual learners!

Collection of Event ID ressources useful for Digital Forensics and Incident Response

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

A curated list of KAPE-related resources

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools

A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.

A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

A tool designed to analyse email headers

A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!

Property List Timestamp Parser 4 forensics && fun.

OverWatchINT is an Open Source Intelligence and All-in-One Hacking Tool. It's purpose is to reduce the time and efforts of security researchers and cyber experts.

Common output format for hashlookup

wip: detect forged images, videos and audio files

overview and summation of digital forensics and incident response topic.

This repository serves as a place for community created SQLECmd Maps for use with SQLECmd.

Yrden is a DFR tool plugin manager which is used to manage plugins that will gather potential digital evidence (PDE) proactively. It is designed to aid in the overall digital forensic investigation (DFI) process by making it easier to adopt a system that can gather PDE.

Scenario: Digital Forensics, completed a final report to present findings. Gathered evidence from an iPhone image file. Looking at WiFi and GPS info, photos and conversations, analyzed the evidence and created timestamps using autopsy.

A curated list of tools which you can use in Infosec!

This repository is for my final project for course CFDI450. It contains python scripts for automating red teaming and digital forensics tasks.

This repository contains the two projects completed in Auburn University's COMP 6350 (digital forensics) course. Both projects were completed with my project teammates Virginia Hudson and Casey Waid

A curated list of awesome forensic analysis tools and resources