Avilla Forensics 3.0

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques

Parses $MFT from NTFS file systems

Windows Forensics Environment Builder

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

CDIR Analyzer - parsers for data collected by CDIR Collector

Extract SysCfg data from corrupted or unreadable NAND dumps.

Blue team security tool to help detect physical attacks using USB devices.

Application extract information about USB drives connected to windows OS till date

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

Data forensic tool

Examine, create and interact with remote objects in other .NET processes.

File recovery tool for the FAT file system

Parses Win32_RegistryAction entries from WMI. Portable, modern and simple-to-use GUI application for Windows 7/10.

A user friendly app for retrieving and consolidating windows system information

Monitors the network bandwidth of all processes. Has the option to record the data only if the mobile connection is active. Uses windows event tracing.

A tool that reads data stored under USBSTOR key in the system registry hive, representing information about connected USB storage devices

ToyProject_Like NTFSwalker

A post-exploitation tool to decrypt SolarPutty's sessions files

RAMDumpExplorer is a program designed to analyze a dump of the RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values. The program is written in C# and utilizes async/await to process the dump file in a non-blocking manner.