Popular repositories Loading
-
usnjrnl-forensic
usnjrnl-forensic PublicThe most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 31
Repositories
- browser-forensic Public
Parse Chrome/Firefox/Safari and embedded-Chromium app artifacts — history, cookies, web storage, integrity/tampering, free-page carving, container discovery — into one JSON timeline. Single static Rust binary, no runtime deps.
SecurityRonin/browser-forensic’s past year of commit activity - timeglyph Public
Decode, identify & encode forensic timestamps — every reading ranked, scored, and cited — plus a forensic calendar (DST, leap seconds, GPS week, format epochs, moon phase). Rust CLI + library, WASM playground, and a live hover-to-decode overlay.
SecurityRonin/timeglyph’s past year of commit activity - usb-forensic Public
USB device-history correlation engine — reconstructs USB connection history from every Windows artifact (registry, SetupAPI, event logs, LNK) plus macOS/Linux, and scores cross-source timestamp consistency by tamper-independence. Runs headless on any OS; pipeline-native JSONL, reproducible, panic-free.
SecurityRonin/usb-forensic’s past year of commit activity - srum-forensic Public
SRUM forensics: prove whether a human was at the keyboard. Parse SRUDB.dat on Linux/macOS. Detect malware, exfiltration, and automated execution. Single static Rust binary.
SecurityRonin/srum-forensic’s past year of commit activity - web3-forensic Public
Forensic investigation tool for Ethereum-family wallets — live on-chain positions (native, ERC-20, Aave V3, Hyperliquid), snapshots, discovery alerts, and TSK bodyfile / supertimeline export. Next.js, dual local/SaaS mode.
SecurityRonin/web3-forensic’s past year of commit activity - ese-forensic Public
Rust reader for ESE / JET Blue databases (SRUDB.dat, WebCacheV01.dat, Windows.edb, NTDS.dit) — no C bindings, panic-free, fuzzed.
SecurityRonin/ese-forensic’s past year of commit activity - issen Public
Point it at disk + memory evidence; get a correlated, ATT&CK-mapped attack timeline. Rust DFIR orchestrator: one command ingests E01/EWF/VMDK/raw + memory dumps, parses NTFS/registry/EVTX/prefetch/LNK/SRUM/browser/Amcache + memory (processes, netstat, injection), correlates into a DuckDB super-timeline, scans threat-intel, and reports.
SecurityRonin/issen’s past year of commit activity - forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
SecurityRonin/forensicnomicon’s past year of commit activity - sqlite-forensic Public
Read-only SQLite forensic toolkit: carve deleted records (freelist/in-page/dropped-table/WAL/rollback-journal), per-rowid WAL version history, anti-forensic + encryption-scheme diagnostics, BLOB typing/SHA-256/decode, and CASE/UCO export. Panic-free, forbid-unsafe, validated against undark/fqlite. CLI + Rust libs + Python.
SecurityRonin/sqlite-forensic’s past year of commit activity
People
This organization has no public members. You must be a member to see who’s a part of this organization.
Top languages
Loading…
Most used topics
Loading…