Rekall Framework plugins for heap memory analysis of LEMP servers

Solution to EkoParty 2020 Pre-CTF Challenge - Meta

small pieces of code dedicated to the digital investigation of Windows mainly from Linux

Convert Android Backup to GZ format.

2016 Black T-Shirt Forensics Challenge from Stevenson University and Other Academic Partners

Hello, this is repository which has solutions for Natas Labs.

This repository implements a check on System32 executable files to detect backdoor by renamed file

CTF write-ups among other things

USB device tracker as anti-forensic kill-switch

Several scrpts for solving CTF's & descriptions of several tools

Non-biallelic SNPs for population genetics and forensics.

processes a disk using fiwalk and exports filemetata into csv,sqlite and xml output

Correlates MS Word documents for forensic digital evidence examination

An advanced memory forensics framework

Covert DD images to E01's using FTK Imager

Beta versions of my software

This script is inelegant but straightforward and identifies downloaded files and the url from which the file was downloaded (if ADS Zone Identifier is available) in the System32 directory. Additionally, it also identifies .iso and .img files in the user's download directory. This is intended for Incident Responders, SOC Analysts, and Threat Rese…

All the CTF challenge write ups that I have completed in the past

Simple, but useful forensic tools to inspect the history and provenance of a Docker image. Used to investigate potential backdoors/malware.

Cross Platform - Python3 Prefetch Parser - single files, directory of pf files