Found 472 repositories (showing 30)
Yamato-Security
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
bluecapesecurity
Practical Windows Forensics Training
MarkBaggett
A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
cryps1s
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
DFIR-ORC
Forensics artefact collection tool for systems running Microsoft Windows
0xrajneesh
Hands-on projects for beginners to learn and practice Windows forensics and essential cybersecurity skills
digitalsleuth
Windows Forensics Environment Builder
botherder
pcqf (PC Quick Forensics) helps quickly gather forensic evidence from Windows, Mac, and Linux systems in order to identify potential traces of compromise.
trolldbois
Process heap analysis framework - Windows/Linux - record type inference and forensics
Yamato-Security
WELA (Windows Event Log Analyzer, ゑ羅) is a tool for auditing Windows event log settings. Windows event logs are a vital source of information for Digital Forensics and Incident Response (DFIR), providing visibility into system activity and security events.
darkquasar
A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics
Yamato-Security
RustyBlue is a rust implementation of DeepblueCLI, a forensics log analyzer for finding evidence of compromise from windows event logs.
thereisnotime
Windows anti-forensics USB monitoring tool.
Ghassan-elsman
Windows forensics Engine
davidhowell-tx
PowerShell scripts for Hard Drive forensics and parsing Windows Artifacts
log2timeline
Digital Forensics Windows Registry (dfWinReg)
yasser-alghamdi
Winterfell is a group of Windows batch scripts to collect Windows forensics data and perform efficient and fast incident response and threat hunting activities.
harris21
Automation Forensics Tool for Windows
brazilianscriptguy
Enterprise PowerShell & VBScript suite for Active Directory automation, ITSM-aligned provisioning, security hardening, and digital forensics - built for Windows Server and workstation environments by a Senior IAM Analyst with a focus on accuracy, scalability, and compliance.
mnemonic-no
Volatility memory forensics plugin for extracting Windows DNS Cache
darkoperator
Collection of single-use scripts I wrote for Windows forensics
bluedangerforyou
This tool will allow forensic investigators to retrieve saved data from Google Chrome such as saved passwords and usernames, searches, history, and autofill data
MikeHorn-git
Harden your Windows OS against forensic analysis
digitalsleuth
Windows Forensics Salt States
brootware
Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.
yarox24
Fix acquired .evt - Windows Event Log files (Forensics)
vm32
Digital forensics image that was prepared to cover a full Windows Forensics
DefinetlyNotAI
A powerful tool designed to harvest and collect a wide range of Windows system data for forensics.
capelabs
A lightweight, extensible forensic tool that leverages eBPF to collect real-time system events on Windows for Digital Forensics and Incident Response.
Ankits39229
A professional hybrid digital forensics tool consisting of a high-performance Rust CLI engine and an intuitive Electron GUI for rapid Windows system analysis.