Hands-on projects for beginners to learn and practice Windows forensics and essential cybersecurity skills
-
Updated
Jun 29, 2024
#
windows-forensics
Here are 54 public repositories matching this topic...
Cross-platform registry browser for raw Windows registry files
-
Updated
Apr 15, 2023 - Python
Windows forensics Engine
windows registry logs prefetch forensics mru wings mft usn srum windows-forensics forensics-tools forensics-data identity-engine crow-eye feahter time-window-engine shell-items shellbags
-
Updated
Apr 14, 2026 - Python
ExeSpy is a cross-platform PE viewer for EXE and DLL files
-
Updated
Feb 19, 2025 - Python
Vault of Windows Registry forensic artifacts
-
Updated
Nov 12, 2025 - JavaScript
A DFIR Incident Response AI bot using local Ollama LLM to derrive automated findings from logs
incident-response dfir digital-forensics triage live-response windows-forensics forensics-tools llm ollama dfirvault ir-tools dfir-ai dfir-llm
-
Updated
Jan 17, 2026 - Python
A comprehensive MCP server for Windows digital forensics on KALI Linux
-
Updated
Mar 16, 2026 - YARA
Tools and Techniques for Digital Forensics and Incident Response
incident-response dfir digital-forensics digital-forensics-incident-response windows-forensics linux-forensics
-
Updated
Feb 16, 2026
Command Spy is a utility for monitoring the command line arguments of new processes on Windows. Made for CCDC.
-
Updated
Jul 30, 2023 - C#
Python module for forensic analysis of Windows shortcuts (LNK files). You can install this package using pip install lnkanalyser
-
Updated
Mar 28, 2024 - Python
A comprehensive repository for CyberOps documentation, Blue Team playbooks, and open-source forensic tools like Cerberus and Chimera.
powershell incident-response forensics dfir cybersecurity threat-hunting digital-forensics triage blueteam memory-forensics security-tools threat-detection live-response windows-forensics memory-acquisition linux-forensics kusto-query incident-response-tool
-
Updated
Jan 21, 2026
Rust DFIR tool that massively parses cross-platform evidence, even deleted logs, into a lateral movement timeline and graph database.
rust neo4j vss incident-response dfir graph-database event-log threat-hunting digital-forensics cypher ual evtx kape lateral-movement velociraptor memgraph digital-forensics-incident-response windows-forensics digital-forensic-tool forensic-tool
-
Updated
Apr 16, 2026 - Rust
Search artifact paths, build collection scripts, and convert Sigma rules. All in one place.
incident-response forensics artifacts digital-forensics forensic-analysis artefacts forensics-investigations windows-forensics forensics-tools
-
Updated
Mar 19, 2026 - TypeScript
When conducting an investigation on a Windows machine there are 8 phase to go through, today we’ll discuss the first ‘Collecting Volatile Information’, and the rest will be explained in future topics
windows forensics cybersecurity cyber-security investigation windows-forensics forensics-tools sans500 cyberred
-
Updated
Sep 24, 2023
Windows Forensic Triage Tool is a Python-based framework that automates forensic artifact collection, evidence analysis, digital signature verification, and HTML report generation to support incident response investigations.
-
Updated
Apr 12, 2026 - Python
Useful tools for (not only) digital forensics
network-forensics incident-response digital-forensics memory-forensics mobile-forensics windows-forensics linux-forensics macos-forensics ios-forensics live-forensics android-forensics mobile-forensic webbrowsers-forensics
-
Updated
Apr 15, 2026
Endpoint investigation of a PowerShell LotL attack reconstructing persistence via Windows services, extracting IOCs, and mapping to MITRE ATT&CK using Kibana and Windows event logs.
kibana powershell incident-response cybersecurity siem blue-team mitre-attack lotl windows-forensics
-
Updated
Mar 16, 2026
From Shadows to Sun: A high-resolution forensics suite for absolute coordinate determination, from triage to testimony.
python incident-response dfir threat-hunting digital-forensics mft sigma-rules windows-forensics polars forensics-analysis
-
Updated
Jan 25, 2026 - Python
PowerShell hash lookup against MalwareBazaar & ThreatFox with HTML reports
powershell incident-response forensics dfir cybersecurity infosec threat-hunting recon soc blue-team windows-forensics
-
Updated
Mar 23, 2026 - PowerShell
Zero-dependency DFIR triage script for Windows systems. PowerShell 5.1, no external tools required.
security powershell incident-response forensics dfir cybersecurity infosec threat-hunting soc triage blue-team windows-forensics
-
Updated
Mar 24, 2026 - PowerShell
Improve this page
Add a description, image, and links to the windows-forensics topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the windows-forensics topic, visit your repo's landing page and select "manage topics."