Popular repositories
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 28
Repositories
- issen Public
Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.
- forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
- winreg-forensic Public
Windows Registry hive forensics — panic-free reader, artifact decoders, carving & recovery (SecurityRonin fleet)
- 4n6mount Public
Mount forensic disk images, archives & memory dumps as a filesystem on Linux/macOS/Windows — ext4/NTFS/exFAT/HFS+/APFS/ISO, EWF/VMDK, zip/7z/tar, LiME/AVML/crash dumps. FUSE + WinFsp, ro/rw COW overlay, deleted-file browsing, NSRL filtering. Pure Rust, Apache-2.0.
- trash-forensic Public
Read-only readers + forensic analyzers for trash / deleted-file artifacts across Windows, Linux, macOS, Android & iOS — recover who deleted what, when, with tampering already graded.
- useract-forensic Public
User-activity forensics — unify shell history, peripheral connections (and v0.2: LNK/shellbags/SRUM/UserAssist/MRU) into one per-user timeline with cross-source correlation. Pure Rust meta-analyzer.
- disk-forensic Public
Forensic disk-image orchestrator — decodes E01/VMDK/VHDX/VHD/QCOW2/DMG containers, auto-detects MBR/GPT/APM, and routes ISO 9660 to filesystem analysis
- memory-forensic Public
Walk any memory dump. Find what's hidden. Linux + Windows kernel forensics from a single static Rust binary — no Python required.
- lnk-forensic Public
Windows Shell Link (.lnk) forensics — parse target path, volume serial, MAC times, tracker machine ID; detect removable-media and network targets. Pure Rust. (JumpLists in v0.2.)