• 🌱 I’m currently learning C# and PowerShell
• 👯 I’m looking to collaborate on anything related to DFIR
• 🤔 I’m looking for help withKAPE Targets/Modules,EvtxECmd Maps,SQLECmd Maps,RECmd Batch Files,Registry Explorer Bookmarks,Registry Explorer Plugins, andTimeline Explorer Plugins

Check outmy repositories as I have a lot going on all the time!

My most actively maintained projects can be foundhere.

I enjoy finding abandoned DFIR tools/projects on GitHub and performing basic updates to keep them relevant and useful to the DFIR community. Check out all the tools I've forked and updated (to varying degrees)here. If you have any ideas of tools or scripts that are long overdue for a tuneup, please let me know!

If you think theForked/Updated DFIR Tools list is cool, here is a list of tool repositories that may be transferred to that list someday! Think of this list as a to-do list for me to add more tools to the Forked/Updated DFIR Tools list. Check out my Projects That Need Updating listhere.

Join theDigital Forensics Discord Server! Check out my beginner's guidehere! Also, check out the Digital Forensics Discord Server's GitHub Organizationhere where there's lots of cool ongoing projects!

TheDigital Forensics Discord Server produced a crowdsourced book on August 15, 2022. Check it outhere!

Eric Zimmerman and I co-authored and published the EZ Tools Manuals on Leanpub! Check it outhere!

Eric Zimmerman's posts from hisBinary Foray blog are now in PDF and EPUB format. Check it outhere!

PinnedLoading

1. DFIRMindMapsDFIRMindMapsPublic

   A repository of DFIR-related Mind Maps geared towards the visual learners!

   516 67

2. Awesome-KAPEAwesome-KAPEPublic

   A curated list of KAPE-related resources

   163 16

3. DFIRRegexDFIRRegexPublic

   A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

   91 10

4. VanillaWindowsReferenceVanillaWindowsReferencePublic

   A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs t…

   154 18

5. DFIRArtifactMuseumDFIRArtifactMuseumPublic

   The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

   HTML 582 49

6. Digital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExpertsDigital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExpertsPublic template

   The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out ther…

   Ruby 205 21