Windows

A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.

Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.

A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

Windows event log fast forensics timeline generator and threat hunting tool.

A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.

Enhances Windows OS security through system modifications and settings adjustments.

Cheat sheet with common enumeration and attack methods for Windows Active Directory.

A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.

TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.

GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.

An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.

A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.

A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.

A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

Tool for analyzing Windows Recycle Bin INFO2 file

A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.

ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.

A Sysmon configuration file template with detailed explanations and tutorial-like features.

A comprehensive cheat sheet for accessing Windows systems from Linux hosts using smbclient and rpcclient tools, covering password management, user and group enumeration, and more.

A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.

DFIR ORC Documentation provides detailed instructions for setting up the build environment and deploying the tool.