Stars
Venture: Cross-Platform GUI tool for parsing and analyzing Windows event logs
A fast CSV command line toolkit written in Rust.
a tiny program to consume from ETW providers for research
PowerShell tools to help defenders hunt smarter, hunt harder.
A script that helps you understand why your E-Mail ended up in Spam
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
Automatic and Custom Destinations jump list parser with Windows 10 support
Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.
Parses RecentFileCacheParser.bcf files
Parses amcache.hve files, but with a twist!
AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
This repository serves as a place for community created Targets and Modules for use with KAPE.
ripgrep recursively searches directories for a regex pattern while respecting your gitignore
Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports
mthcht / OpenProject
Forked from DebugPrivilege/OpenProject
A practical resource on using open-source tools for Incident Response. This repo shares workflows, tool setups, and steps for responding quickly to security incidents.