Popular repositories
- usnjrnl-forensic (Public, Rust, 27 stars): The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Repositories
- lnk-forensic (Public): Windows Shell Link (.lnk) forensics — parse target path, volume serial, MAC times, tracker machine ID; detect removable-media and network targets. Pure Rust. (JumpLists in v0.2.)
- forensicnomicon (Public): DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI.
- useract-forensic (Public): User-activity forensics — unify shell history, peripheral connections (and v0.2: LNK/shellbags/SRUM/UserAssist/MRU) into one per-user timeline with cross-source correlation. Pure Rust meta-analyzer.
- peripheral-forensic (Public): External-device connection forensics — parse setupapi.dev.log into a typed DeviceConnection timeline across USB, FireWire, Thunderbolt, PCIe, eSATA, SD; classify DMA-capable vs storage vs HID threat. Pure Rust.
- shellhist-forensic (Public): Shell command-history forensic library suite — parse bash, zsh, fish, and PowerShell PSReadLine history; detect history clearing, back-dated entries, and download-pipe-to-shell. Pure Rust, no runtime deps.
- git-forensic (Public): Git forensic library suite — read loose + packfile objects from any .git, detect backdated commits, rewritten history, unsigned commits, and unreachable objects. Pure Rust, no libgit2.
- ntfs-forensic (Public): From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe.
- sqlite-forensic (Public): SQLite forensic library — read-only b-tree/freelist/WAL reader plus a deleted-record carver that recovers freed-page, in-page, and dropped-table rows. Panic-free, forbid-unsafe, validated against undark and fqlite.
- winreg-forensic (Public): Windows Registry hive forensics — panic-free reader, artifact decoders, carving & recovery (SecurityRonin fleet).
- prefetch-forensic (Public): Windows Prefetch forensic library — parse MAM/Xpress-Huffman + SCCA v30/31 (run count, last-8 run times, loaded files), grade masquerade & suspicious-location execution. Cross-platform, panic-free, no Windows API.