Digital Forensics

Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.

A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.

A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.

A Python-based engine for automatic creation of timelines in digital forensic analysis

Documentation project for Digital Forensics Artifact Repository

Toolkit for post-mortem analysis of Docker runtime environments using forensic HDD copies.

AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.

A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

Automated digital image forensics tool

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.

A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.

Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.

steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.

A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.

A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

Automated collection tool for incident response triage in Windows systems.

A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.

Developing APIs to access memory on industrial control system devices.