AndrewRathbun
DFIR @ Unit 42, Admin of the Digital Forensics Discord Server, USMC Veteran, Former LE.
Unit 42
Michigan
Pinned Repositories
Awesome-KAPE
A curated list of KAPE-related resources
DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
DFIRMindMaps
A repository of DFIR-related Mind Maps geared towards the visual learners!
DFIRPowerShellScripts
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
DFIRRegex
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
EventTranscript.db-Research
A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
KAPE-EZToolsAncillaryUpdater
A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
VanillaWindowsReference
A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
VanillaWindowsRegistryHives
A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts
The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen!
AndrewRathbun's Repositories
AndrewRathbun/AndroidForensics
A Windows tool for logical forensic analysis of Android devices
AndrewRathbun/AFT
Anti-Forensic Toolkit is a countermeasure application used for encrypted systems.
AndrewRathbun/callloganalyzer
Digital forensics using phone call log analysis
AndrewRathbun/ForensicsCat
Offline Forensics Tool For Windows Platform
AndrewRathbun/Invoke-BitsParser
Sharing my BITS
AndrewRathbun/NtfsStreams
Viewing NTFS alternate streams in files
AndrewRathbun/Xbox360ForensicsToolkit
Xbox 360 Forensics Toolkit
AndrewRathbun/emailheaderinspector
An Outlook add-in to analyze the email header and map the source IP address to its location and ASN.
AndrewRathbun/Issues
This is a repository for reporting any issues in any of my software
AndrewRathbun/RegExList
A list of regular expressions used in digital forensic tasks
AndrewRathbun/WhatForensics
WhatsApp forensics analysis and acquisition utility
AndrewRathbun/x-tensions
X-Ways C# X-Tension API