Pinned Repositories
libtsk-rs
Wrapper for TSK (Sleuth Kit) Bindings
PancakeViewer
A DFVFS Backed Forensic Viewer
pyshellitems
Python library and tools for handling shell items, property lists and stores, and extension blocks. This project is for learning purposes and is not maintained.
PyWindowsThingies
Windows Thingies in Python for live use.
RsWindowsThingies
Windows Thingies... but in Rust
RustyLnk
LNK to JSON
RustyMft
MFT to JSON
RustyPrefetch
Prefetch to JSON. This project is for learning purposes and is not maintained.
RustyReg
Registry to JSON. This project is for learning purposes and is not maintained.
RustyUsn
USN to JSON
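RustyUsn above turns $UsnJrnl:$J change-journal records into JSON. The following is an added illustration written for this page, not code from RustyUsn or any other forensicmatt repository, of what such a parser has to do: walk the journal, decode each USN_RECORD_V2 (the 60-byte header layout, the FILETIME epoch constant and the reason flag values are Microsoft's documented ones), bound every length by the record it belongs to, and emit one JSON object per record. The record bytes, build_record(), the output field names and the sample file name are all constructed for the example; SourceInfo, SecurityId and FileAttributes are left out for brevity.

```rust
// Added example, not code from RustyUsn or any forensicmatt project: parse
// USN_RECORD_V2 entries out of a $UsnJrnl:$J buffer and emit one JSON object per
// record (JSONL). Offsets follow the documented V2 layout (60-byte fixed header,
// UTF-16LE FileName at FileNameOffset). The journal bytes in main() are constructed.
use std::convert::TryInto;

#[derive(Debug, Clone, PartialEq)]
pub struct UsnRecordV2 {
    pub file_reference: u64, // MFT entry in the low 48 bits, sequence number in the high 16
    pub parent_reference: u64,
    pub usn: i64,
    pub timestamp: i64, // FILETIME: 100 ns ticks since 1601-01-01
    pub reason: u32,
    pub file_name: String,
}

const FILETIME_UNIX_EPOCH: i64 = 116_444_736_000_000_000;
const REASON_FLAGS: &[(u32, &str)] = &[
    (0x1, "DATA_OVERWRITE"), (0x2, "DATA_EXTEND"), (0x4, "DATA_TRUNCATION"),
    (0x100, "FILE_CREATE"), (0x200, "FILE_DELETE"), (0x1000, "RENAME_OLD_NAME"),
    (0x2000, "RENAME_NEW_NAME"), (0x8000, "BASIC_INFO_CHANGE"), (0x8000_0000, "CLOSE"),
];

fn u16_at(b: &[u8], o: usize) -> u16 { u16::from_le_bytes(b[o..o + 2].try_into().unwrap()) }
fn u32_at(b: &[u8], o: usize) -> u32 { u32::from_le_bytes(b[o..o + 4].try_into().unwrap()) }
fn u64_at(b: &[u8], o: usize) -> u64 { u64::from_le_bytes(b[o..o + 8].try_into().unwrap()) }

/// Parse the record at buf[0..]; returns it with the bytes it occupies (RecordLength).
pub fn parse_record(buf: &[u8]) -> Result<(UsnRecordV2, usize), String> {
    if buf.len() < 60 { return Err("buffer shorter than a V2 header".into()); }
    let len = u32_at(buf, 0) as usize;
    if u32_at(buf, 4) != 2 { return Err("not a USN_RECORD_V2".into()); } // MajorVersion 2, MinorVersion 0
    if len < 60 || len > buf.len() || len % 8 != 0 { return Err(format!("implausible RecordLength {}", len)); }
    let (name_len, name_off) = (u16_at(buf, 56) as usize, u16_at(buf, 58) as usize);
    // Bound the name by the record, not the whole buffer, so a corrupt length cannot
    // turn the next record's bytes into a file name.
    if name_off < 60 || name_len % 2 != 0 || name_off + name_len > len { return Err("FileName lies outside the record".into()); }
    let units: Vec<u16> = buf[name_off..name_off + name_len].chunks_exact(2).map(|c| u16::from_le_bytes([c[0], c[1]])).collect();
    Ok((UsnRecordV2 {
        file_reference: u64_at(buf, 8), parent_reference: u64_at(buf, 16),
        usn: u64_at(buf, 24) as i64, timestamp: u64_at(buf, 32) as i64,
        reason: u32_at(buf, 40), file_name: String::from_utf16_lossy(&units),
    }, len))
}

/// Walk a $J buffer: sparse zero-filled space is skipped 8 bytes at a time; a malformed record stops the walk.
pub fn parse_journal(buf: &[u8]) -> (Vec<UsnRecordV2>, Option<String>) {
    let (mut out, mut pos) = (Vec::new(), 0usize);
    while pos + 60 <= buf.len() {
        if u32_at(buf, pos) == 0 { pos += 8; continue; }
        match parse_record(&buf[pos..]) {
            Ok((rec, used)) => { out.push(rec); pos += used; }
            Err(e) => return (out, Some(format!("offset {}: {}", pos, e))),
        }
    }
    (out, None)
}

pub fn reason_names(reason: u32) -> Vec<&'static str> {
    REASON_FLAGS.iter().filter(|(bit, _)| reason & bit != 0).map(|(_, n)| *n).collect()
}

fn json_str(s: &str) -> String {
    let body: String = s.chars().map(|c| match c {
        '"' => "\\\"".to_string(), '\\' => "\\\\".to_string(),
        c if (c as u32) < 0x20 => format!("\\u{:04x}", c as u32),
        c => c.to_string(),
    }).collect();
    format!("\"{}\"", body)
}

/// One JSON object per record, in the spirit of the "X to JSON" tools listed above.
pub fn to_jsonl(r: &UsnRecordV2) -> String {
    let names: Vec<String> = reason_names(r.reason).iter().map(|n| json_str(n)).collect();
    format!("{{\"usn\":{},\"timestamp_unix\":{},\"mft_entry\":{},\"mft_sequence\":{},\"parent_entry\":{},\
             \"reason\":{},\"reason_names\":[{}],\"file_name\":{}}}",
        r.usn, (r.timestamp - FILETIME_UNIX_EPOCH) / 10_000_000,
        r.file_reference & 0x0000_FFFF_FFFF_FFFF, r.file_reference >> 48,
        r.parent_reference & 0x0000_FFFF_FFFF_FFFF, r.reason, names.join(","), json_str(&r.file_name))
}

/// Constructed V2 record for testing (not bytes from a real journal).
pub fn build_record(usn: i64, ft: i64, reason: u32, file_ref: u64, parent: u64, name: &str) -> Vec<u8> {
    let nb: Vec<u8> = name.encode_utf16().flat_map(|u| u.to_le_bytes().to_vec()).collect();
    let len = (60 + nb.len() + 7) / 8 * 8; // RecordLength is padded to 8-byte alignment
    let mut b = vec![0u8; len];
    let mut put = |o: usize, v: &[u8]| b[o..o + v.len()].copy_from_slice(v);
    put(0, &(len as u32).to_le_bytes()); put(4, &2u16.to_le_bytes()); // MajorVersion 2, MinorVersion 0
    put(8, &file_ref.to_le_bytes()); put(16, &parent.to_le_bytes()); put(24, &usn.to_le_bytes());
    put(32, &ft.to_le_bytes()); put(40, &reason.to_le_bytes()); put(56, &(nb.len() as u16).to_le_bytes());
    put(58, &60u16.to_le_bytes()); put(60, &nb[..]);
    b
}

fn main() {
    let mut journal = vec![0u8; 16]; // leading sparse bytes, as $J often has
    journal.extend(build_record(1024, 132_000_000_000_000_000, 0x8000_0100, (5 << 48) | 1234, (1 << 48) | 5, "mimikatz.exe"));
    journal.extend(build_record(1112, 132_000_000_010_000_000, 0x8000_0200, (5 << 48) | 1234, (1 << 48) | 5, "mimikatz.exe"));
    let (recs, err) = parse_journal(&journal);
    for r in &recs { println!("{}", to_jsonl(r)); }
    if let Some(e) = err { eprintln!("stopped: {}", e); }
}
```

Running it prints two JSONL lines, a FILE_CREATE and a FILE_DELETE for the same MFT entry. The checks that bound FileNameOffset and FileNameLength by RecordLength, and the guard against a zero RecordLength, are what keep a parser from panicking or spinning when it is pointed at a sparse or partially overwritten $J rather than at curated test files.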
forensicmatt's Repositories
forensicmatt/PancakeViewer
A DFVFS Backed Forensic Viewer
forensicmatt/PyWindowsThingies
Windows Thingies in Python for live use.
forensicmatt/RsWindowsThingies
Windows Thingies... but in Rust
forensicmatt/RustyUsn
USN to JSON
forensicmatt/RustyLnk
LNK to JSON
forensicmatt/RustyReg
Registry to JSON. This project is for learning purposes and is not maintained.
forensicmatt/libtsk-rs
Wrapper for TSK (Sleuth Kit) Bindings
forensicmatt/pyshellitems
Python library and tools for handling shell items, property lists and stores, and extension blocks. This project is for learning purposes and is not maintained.
forensicmatt/VanillaWindowsTools
Tools for parsing and playing with https://github.com/AndrewRathbun/VanillaWindowsReference data
forensicmatt/ActivitiesCacheParser
Parse Windows ActivitiesCache to JSONL. This project is for learning purposes and is not maintained.
forensicmatt/r-winreg
Windows Registry Parsing Library
forensicmatt/aws-snap-io
Library for implementing Read and Seek on top of an AWS snapshot
forensicmatt/JsonlTools
Tools for filtering and manipulating JSONL
forensicmatt/MonitorUserAssist
Tool that can monitor the UserAssist registry keys and decode UserAssist structs in real-time. This project is for learning purposes and is not maintained.
forensicmatt/LogicalRegTool
A registry tool that can be run on a logical volume. JSONL output for NoSQL. This project is for learning purposes and is not maintained.
forensicmatt/PyRustyUsn
Python bindings for RustyUsn
forensicmatt/sans509-helpers
Just a quick script to parse load balancer logs into JSON
forensicmatt/WinObjectIdParser
ObjectID Parsers and Tools. This project is for learning purposes and is not maintained.
forensicmatt/LogicalAvacado
A DFIR Tool for processing logical volumes and inserting records into ArangoDB. This project is for learning purposes and is not maintained.
forensicmatt/LogicalJmpLnkTool
A jumplist and link tool that can be run on a logical volume. JSONL output for NoSQL. This project is for learning purposes and is not maintained.
forensicmatt/snapio-evtx-extractor
Tool that uses aws-snap-io and libtsk to extract EVTX files from an AWS snapshot.
forensicmatt/upcaseinfo-py
$UpCase:$Info parsing tool/lib in Python
forensicmatt/upcaseinfo-rs
$UpCase:$Info parsing tool/lib in Rust
forensicmatt/evtx
A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
forensicmatt/r-shellitems
Shell Item Structures in Rust
forensicmatt/SetupApiLogParser
Parse Setup API Logs to JSONL
forensicmatt/CtfdLogs2Arango
Ingest CTFd logs into ArangoDB
forensicmatt/jmespath.rs
Rust implementation of JMESPath, a query language for JSON
forensicmatt/walkdir
Rust library for walking directories recursively.
forensicmatt/winapi-rs
Rust bindings to Windows API