Channel: DFIR Training - Recently Added Listings
Browsing all 888 articles

MFTECmd

$MFT parser. Category: Eric Zimmerman. Category URL: http://www.dfir.training/component/mtree/by-developer/eric-zimmerman?Itemid=

RBCmd

Recycle Bin artifact (INFO2/$I) parser. Category: Eric Zimmerman. Category URL: http://www.dfir.training/component/mtree/by-developer/eric-zimmerman?Itemid=

RecentFileCacheParser

RecentFileCache parser. Category: Eric Zimmerman. Category URL: http://www.dfir.training/component/mtree/by-developer/eric-zimmerman?Itemid=

Timeline Explorer

View CSV and Excel files, filter, group, sort, etc. with ease. Category: Eric Zimmerman. Category URL: http://www.dfir.training/component/mtree/by-developer/eric-zimmerman?Itemid=

Backstage Parser

Arsenal's Backstage Parser is a Python tool that can be used to parse the contents of Microsoft Office files found in the “\Users(User)\AppData\Local\Microsoft\Office\16.0\BackstageinAppNavCache” path....

CyberGate Keylogger Decryption Tool

Arsenal's CyberGate Keylog Decrypter script is a Python tool that can be used against CyberGate encrypted keylogger files (either whole or in part, provided that the individual record is intact) to...

Cointel

Cointel provides insights into Bitcoin and Zcash transactions. Using advanced clustering techniques, spent analysis of specific suspects can be generated. Moreover, the possibility for notifications on...

Forensic7z

Forensic7z is a plugin for the popular 7-Zip archiver. You can use Forensic7z to open and browse disk images created by specialized software for forensic analysis, such as EnCase or FTK Imager. At the...

Arsenal Recon HiveRecon

HiveRecon extracts Registry hives from Windows® hibernation and crash dump files, often extracting hives when other solutions have completely failed and extracting healthier (more intact) hives when...

Arsenal Recon HbinRecon

HbinRecon identifies and parses Windows® Registry hive bins (hbins) from any input. Hive bins are essentially the building blocks of Registry hives. Examples of HbinRecon input include healthy Registry...

autotimeliner

Automagically extract forensic timeline from volatile memory dumps. Requirements: Python, Volatility, mactime (from SleuthKit). How it works: AutoTimeline automates this workflow: Identify correct...

MantaRay Forensics

VirusShare.com 0-337 hash sets were converted to RAW, EnCase and Autopsy format. All hash sets (0-337) were added to one file and duplicates were removed. NSRL Modern v2.62 was compared to the unique...

Zetx Trax

From the minute a target number is identified, to the moment it is presented to a jury, ZetX covers every aspect to include basic investigative training to Subject Matter Expert certifications. ZetX...

Attack Defense

Category: CTF & Challenges. Category URL: http://www.dfir.training/component/mtree/test-images-and-challenges/ctf?Itemid=

AChReport

AChReport is a Python report writer for AChoir. AChReport IS NOT meant as a comprehensive reporting tool. Its power is in extracting the most important information and presenting it in an easy to...

ArtifactExtractor

ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be checked (via hash) if they are different from a later VSC/image copy before...

grafana/loki

Loki: like Prometheus, but for logs. Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to...

Sigcheck

Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. It also includes an option to check a file’s...
