105 results for “topic:digitalforensics”
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Collection of Event ID resources useful for Digital Forensics and Incident Response
A repository of DFIR-related Mind Maps geared towards the visual learners!
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
A list of 350+ free TryHackMe rooms💻 to kick off your cybersecurity learning, organized by topics for easy exploration and practical skill-building!💀💥
A curated list of tools for incident response. With repository stars⭐ and forks🍴
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspection, lateral movement tracking, persistence detection, and VirusTotal enrichment.
A curated list of KAPE-related resources
Curated manuals, playbooks, and checklists for OSINT, OPSEC, cyber security, and digital investigations
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
A tool designed to analyse email headers
A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
Mycroft is an Offline File Analyzer and Metadata Scraper
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!
Digital Forensics Essentials (DFE)
OverWatchINT is an Open Source Intelligence and All-in-One Hacking Tool. Its purpose is to reduce the time and effort of security researchers and cyber experts.
Digital Forensics Tools Collection
Practical DFIR and incident response playbooks covering phishing, malware, ransomware, insider threats, and cloud security incidents for SOC and IR teams.
A curated list of tools which you can use in Infosec!
A framework to detect & localize facial image manipulation.
DataHarvester: A step-by-step OSINT guide to start with just a name and discover public accounts, social profiles, and other digital traces - all legal, passive, and educational.