Starred repositories
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Parses USB connection artifacts from offline Registry hives
Forensic toolkit for iOS sysdiagnose feature
Extract files from Apple devices on Windows, Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups"
AWS Certified Cloud Practitioner Short Notes And Practice Exams (CLF-C02)
Clusters and elements to attach to MISP events or attributes (like threat actors)
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
☕ Caffeine for Windows to prevent the PC from going to sleep
Mouse Jiggler is a very simple piece of software whose sole function is to "fake" mouse input to Windows, and jiggle the mouse pointer back and forth.
Move Mouse is a simple piece of software that is designed to simulate user activity.
This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365 Unified Audit Log.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Karpenter is a Kubernetes Node Autoscaler built for flexibility, performance, and simplicity.
A toolkit to run Ray applications on Kubernetes
Ray is an AI compute engine. Ray consists of a core distributed runtime and a set of AI Libraries for accelerating ML workloads.
Multi-user server for Jupyter notebooks
GraphiQL & the GraphQL LSP Reference Ecosystem for building browser & IDE tools.
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
macOS .DS_Store Parser
A curated list of CTF frameworks, libraries, resources and software
Indicators of Compromises (IOC) of our various investigations
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to invest…