Category: Forensics

Windows Event Log Analyzer

WELA: Windows Event Log Analyzer

Yamato Security's WELA (Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA's greatest functionality is creating an easy-to-analyze...

Winshark

Winshark: wireshark plugin to instrument ETW

Winshark is a Wireshark plugin to work with Event Tracing for Windows (ETW). Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25, 2019. Wireshark has...

Incident Response Collection

Incident Response Collection Protocol

Incident Response Collection Protocol (IRCP) is a series of PowerShell scripts to automate artifact collection and assist responders triaging endpoints in lab-based and onsite environments. IRCP Features: IRCP supports E01, VMDK,...

Windows Registry Browser

Registry-Spy: Cross-Platform Windows Registry Browser

Registry Spy is a free, open-source, cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw registry files. Features include:...

.NET memory dumps

turdshovel: dump objects from .NET memory dumps

Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps without having to fully understand the intricacies of WinDbg. It uses Python.NET to wrap around ClrMD and...

Cyber Threat Map

raven: Advanced Cyber Threat Map

Raven is an advanced cyber threat map: simplified, customizable, and responsive. It uses D3.js with TopoJSON, has 247 countries and ~100,000 cities, and can be used in an isolated environment without...