Pinned Repositories
KAPE-Automation
ODEFiles
cstruct files are YAML-based files containing cstruct definitions. They act as a map of how each log entry should be parsed, eliminating garbage data that would otherwise pose an issue during de-obfuscation.
OneDriveExplorer
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Personal-Vault-BEK
Script to automate saving OneDrive PersonalVault BEK file
ProcDOT-Plugins
Plugins to add functionality to ProcDOT. http://www.procdot.com
pystemon
Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon
Redline-Process-Tree-Report
Graphical representation of processes from Redline
SEPparser
Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
Surge-collect
Script for deploying surge-collect on Windows
walitean
Beercow's Repositories
Beercow/OneDriveExplorer
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Beercow/SEPparser
Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
Beercow/ProcDOT-Plugins
Plugins to add functionality to ProcDOT. http://www.procdot.com
Beercow/walitean
Beercow/KAPE-Automation
Beercow/Personal-Vault-BEK
Script to automate saving OneDrive PersonalVault BEK file
Beercow/Surge-collect
Script for deploying surge-collect on Windows
Beercow/WEF
Various WEF information
Beercow/Logparser-Studio-SIRT-Query
Beercow/autotimeliner
Automagically extract forensic timeline from volatile memory dump
Beercow/Azure-App-IDs
Curated list of well-known app ids
Beercow/Lyman
Lyman’s purpose is to aid in the creation of .cstruct files. These files help to parse OneDrive logs into their components which can lead to better log decryption. By focusing on the data rather than trying to learn how to construct these files, it becomes easier to extract data that otherwise might be missed or misinterpreted.
Beercow/scripts
Beercow/ODEFiles
cstruct files are YAML-based files containing cstruct definitions. They act as a map of how each log entry should be parsed, eliminating garbage data that would otherwise pose an issue during de-obfuscation.
Beercow/alerting-detection-strategy-framework
A framework for developing alerting and detection strategies for incident response.
Beercow/BackstageParser
Backstage Parser
Beercow/darcula.nbm
Beercow/DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
Beercow/KapeFiles
This repository serves as a place for community created Targets and Modules for use with KAPE.
Beercow/LP_KNFE
Beercow/misc-scripts
misc scripts
Beercow/NBDServer
Network Block Device Server for Windows with a DFIR/forensic focus.
Beercow/NPP-UDL
Syntax highlighting for email files
Beercow/OneDrive
OneDrive log .ODL reader
Beercow/plaso_filters
Scripts to facilitate filtering with Plaso
Beercow/pysddl
Automatically exported from code.google.com/p/pysddl
Beercow/quarantine-formats
Documentation and parsers for different anti-virus quarantine formats.
Beercow/sec-vault-gen
Python utility to generate filesystem content for Obsidian.
Beercow/tnefparse
A TNEF decoding library written in Python, without external dependencies
Beercow/VeraCrypt
Disk encryption with strong security based on TrueCrypt