Popular repositories
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 28
Repositories
- forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
- segb-forensic Public
Apple SEGB (Biome) forensic analyzer + reader — decode SEGB v1/v2 records and flag CRC-mismatch, deletion-residue, and timestamp-order anomalies as graded findings. Panic-free, no unsafe.
- hfsplus-forensic Public
Forensic-grade Apple HFS+/HFSX reader — volume header, catalog B-tree directory listing, and data-fork file extraction
- lzvn Public
Safe, no_std pure-Rust Apple LZVN decompressor — length-tolerant for real macOS decmpfs resource-fork blocks. Published as lzvn-core (lib name lzvn).
- srum-forensic Public
SRUM forensics: prove whether a human was at the keyboard. Parse SRUDB.dat on Linux/macOS. Detect malware, exfiltration, and automated execution. Single static Rust binary.
- 4n6mount Public
Universal forensic FUSE mount — auto-detects ext4/NTFS/exFAT, ro/rw views with COW overlay, deleted file browsing, NSRL/HashKeeper filtering. Pure Rust, MIT licensed.
- ext4fs-forensic Public
Forensic-grade ext4 filesystem parser — pure safe Rust, MIT licensed. Deleted file recovery, journal parsing, timeline generation, slack space analysis, and more.
- exec-pe-forensic Public
PE (Windows executable) forensic analyzer — pe-core parses PE32/PE64 headers (sections, imports, entropy); pe-analysis grades MITRE-tagged anomalies (suspicious imports, packing/entropy, process-injection IOCs)
- blazehash Public
Forensic file hasher — BLAKE3 at 1,640 MB/s, 25 hash algorithms, Ed25519 + post-quantum signing, Bitcoin timestamps, YARA scanning, 50+ remote backends. hashdeep for the modern era.
- winevt-forensic Public
EVTX forensic library suite — carve records from corrupt files, detect tampering indicators, analyze ETW sessions. No runtime deps.