sustainablelobster
258,042
Downloads of Packages
Packages:
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
A forensic utility for converting data found on desktop and mobile devices into human-readable timestamps.
Arsenal Image Mounter mounts the contents of disk images as complete disks in Microsoft Windows.
Android Logs Events And Protobuf Parser
Android Logs Events And Protobuf Parser
Web browser forensics for Google Chrome/Chromium
Web browser forensics for Google Chrome/Chromium
A tool for creating isolated virtual python environments.
Tableau Forensic Imager (TIM) is Tableau's free forensic imaging software application.
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples.
A single package that installs all of Eric Zimmerman's forensic tools
Geolocate IP addresses in IIS logs
iOS Logs, Events, And Plists Parser
iOS Logs, Events, And Plists Parser
X-Ways Forensics Installation Manager
ShellBags Explorer, command line edition, for exporting shellbag data
ShellBags Explorer allows for visually viewing and interacting with shell bags found in usrclass.dat and ntuser.dat Registry hives
Fast, multi-threaded file hashing utility
GUI SDB parser
Replay transaction logs and update Registry hives so they are no longer dirty. Useful when tools do not know how to handle transaction logs.
Command-line tool used to parse Registry hives
GUI jumplist parser with Windows 10 support
Timeline Explorer allows for viewing a wide range of CSV files such as plaso/log2timeline and fls/mactime generated timelines. It can also open any CSV or Excel file.
Registry Explorer is a Windows Registry analysis tool with a ton of functionality not found anywhere else
Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!)
Graphical $MFT viewer
Parser for $LogFile on NTFS
Extract $MFT record info and log it to a csv file.
Fast suspicious file finder for incident response.
FullEventLogView displays the details of all events from the event log of Windows (Including the event description).
Windows Recycle Bin artifact parser
bulk_extractor is a high-performance digital forensics exploitation tool.
bstrings is a better strings utility
Amcache.hve parser
Command line jumplist parser with Windows 10 support
lnk (Windows shortcut) parser
Windows prefetch parser
AppCompatCache aka shimcache parser
Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more!
Parses RecentFileCache.bcf files
Windows Volume Shadow Copy mounting tool
TimeApp displays the current and UTC times with millisecond precision
NTFS MFT parser
Hibernation Recon extracts forensic data from Windows hibernation files.
Windows 10 Timeline database parser
Find and process SQLite files according to your needs with maps!
Parser for $UsnJrnl on NTFS
Process SRUDB.dat and (optionally) SOFTWARE hive for network, process, and energy info!
Process Microsoft User Access Logs found under 'C:\Windows\System32\LogFiles\SUM'
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Simple IOC and Incident Response Scanner
Emulates the Sysinternals Autoruns tool, but for DFIR purposes, e.g. multi-user processing
