Popular repositories
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 28
Repositories
- memory-forensic Public
Walk any memory dump. Find what's hidden. Linux + Windows kernel forensics from a single static Rust binary — no Python required.
- lnk-forensic Public
Windows Shell Link (.lnk) forensics — parse target path, volume serial, MAC times, tracker machine ID; detect removable-media and network targets. Pure Rust. (JumpLists in v0.2.)
- udf-forensic Public
Forensic-grade UDF (ECMA-167/OSTA) reader — volume recognition, partition maps, File Entry/FID traversal, file data
- sqlite-forensic Public
SQLite forensic library — read-only b-tree/freelist/WAL reader plus a deleted-record carver that recovers freed-page, in-page, and dropped-table rows. Panic-free, forbid-unsafe, validated against undark and fqlite.
- srum-forensic Public
SRUM forensics: prove whether a human was at the keyboard. Parse SRUDB.dat on Linux/macOS. Detect malware, exfiltration, and automated execution. Single static Rust binary.
- qcow2-forensic Public
Pure-Rust QCOW2 forensics: reader (qcow2-core) + anomaly auditor (qcow2-forensic) — backing files, snapshots, encryption, refcount orphans on the forensicnomicon report model
- forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
- trash-forensic Public
Read-only readers + forensic analyzers for trash / deleted-file artifacts across Windows, Linux, macOS, Android & iOS — recover who deleted what, when, with tampering already graded.
- winevt-forensic Public
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.