Hands-on projects for beginners to learn and practice Windows forensics and essential cybersecurity skills
-
Updated
Jun 29, 2024
#
windows-forensics
Here are 70 public repositories matching this topic...
Cross-platform registry browser for raw Windows registry files
-
Updated
Apr 15, 2023 - Python
Windows forensics Engine
registry logs prefetch forensics mru ai-agents mft usn srum windows-forensics forensics-tools forensics-data identity-engine ai-forensics crow-eye shell-items shellbags
-
Updated
Jun 7, 2026 - Python
ExeSpy is a cross-platform PE viewer for EXE and DLL files
-
Updated
Feb 19, 2025 - Python
Vault of Windows Registry forensic artifacts
-
Updated
Nov 12, 2025 - JavaScript
Rust DFIR tool that massively parses cross-platform evidence, even deleted logs, into a lateral movement timeline and graph database.
rust neo4j vss incident-response dfir graph-database event-log threat-hunting digital-forensics cypher ual evtx kape lateral-movement velociraptor memgraph digital-forensics-incident-response windows-forensics digital-forensic-tool forensic-tool
-
Updated
May 21, 2026 - Rust
A comprehensive MCP server for Windows digital forensics on KALI Linux
-
Updated
May 21, 2026 - YARA
A DFIR Incident Response AI bot using local Ollama LLM to derrive automated findings from logs
incident-response dfir digital-forensics triage live-response windows-forensics forensics-tools llm ollama dfirvault ir-tools dfir-ai dfir-llm
-
Updated
Jan 17, 2026 - Python
Command Spy is a utility for monitoring the command line arguments of new processes on Windows. Made for CCDC.
-
Updated
Jul 30, 2023 - C#
Tools and Techniques for Digital Forensics and Incident Response
incident-response dfir digital-forensics digital-forensics-incident-response windows-forensics linux-forensics
-
Updated
Feb 16, 2026
Python module for forensic analysis of Windows shortcuts (LNK files). You can install this package using pip install lnkanalyser
-
Updated
Mar 28, 2024 - Python
Windows forensic scanner. Finds what "Uninstall" leaves behind.
windows cli dfir software malware-analysis security-tools blue-team mitre-attack windows-forensics forensics-tools
-
Updated
Jun 11, 2026
A comprehensive repository for CyberOps documentation, Blue Team playbooks, and open-source forensic tools like Cerberus and Chimera.
powershell incident-response forensics dfir cybersecurity threat-hunting digital-forensics triage blueteam memory-forensics security-tools threat-detection live-response windows-forensics memory-acquisition linux-forensics kusto-query incident-response-tool
-
Updated
Jan 21, 2026
When conducting an investigation on a Windows machine there are 8 phase to go through, today we’ll discuss the first ‘Collecting Volatile Information’, and the rest will be explained in future topics
windows forensics cybersecurity cyber-security investigation windows-forensics forensics-tools sans500 cyberred
-
Updated
Sep 24, 2023
Search artifact paths, build collection scripts, and convert Sigma rules. All in one place.
incident-response forensics artifacts digital-forensics forensic-analysis artefacts forensics-investigations windows-forensics forensics-tools
-
Updated
Jun 8, 2026 - TypeScript
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.
rust log-analysis incident-response forensics dfir digital-forensics anti-forensics memory-forensics security-tools blue-team evtx windows-event-log windows-forensics hayabusa winevt
-
Updated
Jun 9, 2026 - Rust
Windows Forensic Triage Tool is a Python-based framework that automates forensic artifact collection, evidence analysis, digital signature verification, and HTML report generation to support incident response investigations.
-
Updated
Apr 12, 2026 - Python
Useful tools for (not only) digital forensics
network-forensics incident-response digital-forensics memory-forensics mobile-forensics windows-forensics linux-forensics macos-forensics ios-forensics live-forensics android-forensics mobile-forensic webbrowsers-forensics
-
Updated
Jun 12, 2026
Ferramenta forense local para verificação (SS) em comunidades de Roblox. 62 scanners, execução totalmente local, sem envio de dados.
python roblox incident-response forensics anti-cheat screenshare security-tools pe-analysis ss-tool windows-forensics
-
Updated
Jun 10, 2026 - Python
Local-first DFIR investigation platform for centralizing artifacts, reducing noise, and reconstructing incidents.
timeline incident-response forensics dfir digital-forensics sigma opensearch mft evtx windows-forensics
-
Updated
Jun 9, 2026 - Python
Improve this page
Add a description, image, and links to the windows-forensics topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the windows-forensics topic, visit your repo's landing page and select "manage topics."