AndrewRathbun
DFIR @ Unit 42, Admin of the Digital Forensics Discord Server, USMC Veteran, Former LE.
Unit 42, Michigan
Pinned Repositories
Awesome-KAPE
A curated list of KAPE-related resources
DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
DFIRPowerShellScripts
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
DFIRRegex
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
EventTranscript.db-Research
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
KAPE-EZToolsAncillaryUpdater
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
VanillaWindowsReference
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
VanillaWindowsRegistryHives
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen!
AndrewRathbun's Repositories
AndrewRathbun/Awesome-KAPE
A curated list of KAPE-related resources
AndrewRathbun/KAPE-EZToolsAncillaryUpdater
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
AndrewRathbun/Regshot-Advanced
This is an updated fork of RegShot Advanced. The main point of this fork is to provide a compiled, signed binary for the most recent version.
AndrewRathbun/AndrewRathbun
AndrewRathbun/BeaconHunter
An updated fork of @3lp4tr0n's BeaconHunter. Detect and respond to Cobalt Strike beacons using ETW
AndrewRathbun/ForensicMiner
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
AndrewRathbun/bmc-tools
An updated fork of RDP Bitmap Cache parser, with outstanding PRs merged
AndrewRathbun/Get-UsnJrnlInfo
A fork of @evild3ad's Get-UsnJrnlInfo PowerShell Script. Very minor changes for the purpose of a KAPE Module. Gathers information from an extracted $Max file
AndrewRathbun/GHOSTS
GHOSTS is a realistic user simulation framework for cyber simulation, training, and exercise
AndrewRathbun/WinSearchDBAnalyzer
An updated fork of @moaistory's WinSearchDBAnalyzer project
AndrewRathbun/Bogus
:card_index: A simple fake data generator for C#, F#, and VB.NET. Based on and ported from the famed faker.js.
AndrewRathbun/CSVFileDetailsExtractor
A simple tool to enumerate useful details from CSV files recursively from a provided folder path
AndrewRathbun/DiscordTokenCarver
Carves/steals Discord tokens from the local machine
AndrewRathbun/EtwExplorer
View ETW Provider manifest
AndrewRathbun/GitHubLearningPlayground
Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes here before you make them elsewhere more public!
AndrewRathbun/LikeNtfsWalker
Toy project: like NTFSwalker
AndrewRathbun/OneDriveExplorer
AndrewRathbun/openhardwaremonitor
Open Hardware Monitor
AndrewRathbun/PEExplorer
Portable Executable Explorer
AndrewRathbun/CSVHeaderHunter
C# program to grab all CSV headers from a directory recursively and output to a CSV file
AndrewRathbun/CsvMerger
A simple program to merge CSV files together.
AndrewRathbun/evtx
C# based evtx parser with lots of extras
AndrewRathbun/Get-ZimmermanTools
Get all my software
AndrewRathbun/MP3TagExtractor
A command-line application to extract (recursively, if needed) ID3 metadata from audio files
AndrewRathbun/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
AndrewRathbun/sidr
Search Index Database Reporter
AndrewRathbun/sigma
Generic Signature Format for SIEM Systems
AndrewRathbun/spectre.console
A .NET library that makes it easier to create beautiful console applications.
AndrewRathbun/WingetUI
WingetUI: The Graphical Interface for your package managers
AndrewRathbun/WPF-Samples
Repository for WPF related samples