Digital Forensics
windows

Vshadow

A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.

libregf

A library to access and parse Windows NT Registry File (REGF) format.

hivex

A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.

Automated collection tool for incident response triage in Windows systems.

Windows anti-forensics USB monitoring tool with the ability to shut down the computer upon detecting the unplugging of a specified USB device.

liblnk

A library to access and parse Windows Shortcut File (LNK) format.

A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.

Meerkat

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

CyLR

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Windows event log fast forensics timeline generator and threat hunting tool.

A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.

Tool for analyzing Windows Recycle Bin INFO2 files.

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

libevtx

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.

libfwnt

A library for working with Windows NT data types, providing access and manipulation functions.

libevt

libevt is a library to access and parse Windows Event Log (EVT) files.

Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.