Popular repositories Loading
-
usnjrnl-forensic
usnjrnl-forensic PublicThe most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 31
Repositories
- forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
SecurityRonin/forensicnomicon’s past year of commit activity - timeglyph Public
Forensic timestamp decipherment — decode, encode & identify how systems inscribe time (scored, cited, ambiguity-first), plus a cursor-hover overlay
SecurityRonin/timeglyph’s past year of commit activity - bitlocker-forensic Public
BitLocker Drive Encryption (BDE) forensic library — parse FVE metadata, unlock via password, decrypt AES-CBC+Elephant-Diffuser volumes, and grade key-protector/clear-key/weak-cipher findings. Panic-free, validated byte-for-byte against libbde.
SecurityRonin/bitlocker-forensic’s past year of commit activity - issen Public
Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.
SecurityRonin/issen’s past year of commit activity - elephant-diffuser Public
The BitLocker Elephant Diffuser (Diffuser A + Diffuser B + sector-key XOR) in pure Rust — the format primitive with no ecosystem crate, validated in-situ against libbde. no_std, panic-free.
SecurityRonin/elephant-diffuser’s past year of commit activity - filevault-forensic Public
Apple FileVault 2 / CoreStorage (FVDE) forensic library — parse the encryption context, unlock via password, decrypt AES-XTS volumes, and grade protector/encryption-state/weak-KDF findings. Panic-free, validated byte-for-byte against libfvde.
SecurityRonin/filevault-forensic’s past year of commit activity - forensic-hashdb Public
File hash databases for digital forensics — NSRL/CIRCL known-good, malware known-bad, known-vulnerable Windows drivers (loldrivers), and analyst-supplied MD5/SHA1/SHA256 feeds.
SecurityRonin/forensic-hashdb’s past year of commit activity - vsc-forensic Public
Windows Volume Shadow Copy forensic library — reads VSS store/catalog structures, enumerates shadow copies, reconstructs each snapshot's point-in-time volume view (copy-on-write read-back), and grades deletion/timeline anomalies as forensicnomicon findings. Panic-free, fuzzed, Tier-1 validated against libvshadow.
SecurityRonin/vsc-forensic’s past year of commit activity - dpapi-forensic Public
Forensic DPAPI toolkit — parse + decrypt DPAPI blobs, unwrap Chrome/Edge v10/v20 cookies (dpapi-core); on-disk credential auditor (WIP)
SecurityRonin/dpapi-forensic’s past year of commit activity - winevt-forensic Public
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.
SecurityRonin/winevt-forensic’s past year of commit activity
People
This organization has no public members. You must be a member to see who’s a part of this organization.
Top languages
Loading…
Most used topics
Loading…