Avilla Forensics FREE

A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Tools) Kape, Axiom, Hayabusa, Chainsaw and Nirsoft into a unified timeline.

Windows Forensics Environment Builder

Portable Windows forensic tool for reviewing Firefox-like and Chromium-based browser artifacts, with labeling, search, CLI processing, and HTML/PDF reports.

Examine, create and interact with remote objects in other .NET processes.

Open source HIDS tailored for Microsoft Windows and Active Directory

C# Library and research notes for Windows 11 Notepad State Files

Powerful Kernel Windows Platform for Malware Analysis, SRE, Forensics & Threat Hunting

A tool to view and remove Windows JumpLists

SQLiteDiskExplorer enables you to explore, catalog, and batch extract SQLite files from disks and removable media.

Reverse Engineering the Tabstate files for Windows Notepad

Windows anti-forensics made easy

GovTools is an innovative open-source toolkit for Windows, designed to streamline the extraction of password hashes from a variety of targets.

Dump memory regions of a process using NtQueryVirtualMemory and NtReadVirtualMemory

A C# light executable that read Windows 11 Notes from TabState directory.

Self-hosted endpoint activity auditing platform for insider threat monitoring (First open-source DLP)

Mergen is a project that facilitates the analysis of traffic by logging incoming web traffics to ASP.NET applications broadcasting with Microsoft IIS (Internet Information Services) service.

Digital Forensic Tool developed for my DFS 580 Capstone course at Champlain College. This tool facilitiates the decryption and analysis of encrypted profile and message files used by the instant messenger Technitium Mesh https://mesh.im/.

An app to retrieve the text message threads from a Message's chat.db currently in pre-release. Documentation and tests to come