Sankgreall's Stars
cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
Yamato-Security/hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
fox-it/dissect
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
trustedsec/tscopy
williballenthin/python-ntfs
Open source Python library for NTFS analysis
cyb3rfox/MFTEntryCarver
Carve files for MFT entries (e.g. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if resident. It will also parse half-broken entries as long as at least one $FN entry is OK.
ForensicArtifacts/artifacts
Digital Forensics artifact repository