Digital Forensics for Windows
Tools and methodologies for investigating digital incidents and gathering electronic evidence. Task: Windows
Explore 23 curated tools and resources
RELATED TASKS
LATEST ADDITIONS
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
ForensicMiner, Redefine DFIR Automations
A library to access and parse Windows NT Registry File (REGF) format.
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
Automated collection tool for incident response triage in Windows systems.
Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.
A library to access and parse Windows Shortcut File (LNK) format.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Windows event log fast forensics timeline generator and threat hunting tool.
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security