Tools and methodologies for investigating digital incidents and gathering electronic evidence. Task: Windows
Explore 23 curated tools and resources
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
ForensicMiner, Redefine DFIR Automations
A library to access and parse Windows NT Registry File (REGF) format.
A Windows Registry hive extraction library that reads and writes Windows Registry 'hive' binary files.
Automated collection tool for incident response triage in Windows systems.
Windows anti-forensics USB monitoring tool with the ability to shutdown the computer upon detecting the unplugging of a specified USB device.
A library to access and parse Windows Shortcut File (LNK) format.
A suite of console tools for working with timestamps in Windows with 100-nanosecond precision.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Windows event log fast forensics timeline generator and threat hunting tool.
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.