Popular repositories
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomp…
Rust 26
Repositories
- sqlite-forensic Public
SQLite forensic library — read-only b-tree/freelist/WAL reader plus a deleted-record carver that recovers freed-page, in-page, and dropped-table rows. Panic-free, forbid-unsafe, validated against undark and fqlite.
- forensicnomicon Public
DFIR artifact catalog (6,554 artifacts, LOL/LOFL binaries, abusable sites) plus the normalized report vocabulary the SecurityRonin analyzer fleet shares — offline Rust library + 4n6query CLI
- browser-forensic Public
Browser forensic library suite — parse Chrome/Firefox/Safari artifacts, detect history clearing, carve deleted records. Single static binary, no runtime deps.
- memory-forensic Public
Walk any memory dump. Find what's hidden. Linux + Windows kernel forensics from a single static Rust binary — no Python required.
- vhdx-forensic Public
Pure-Rust VHDX (Hyper-V) virtual-disk reader and forensic integrity analyzer: a hardened Read+Seek container reader (vhdx-core) plus a 63-code tamper/anomaly auditor with in-memory repair (vhdx-forensic) for DFIR.
- ntfs-forensic Public
From-scratch NTFS reader (ntfs-core: MFT, attributes, indexes, data runs, LZNT1, $UsnJrnl:$J change journal over Read+Seek) plus a graded anomaly auditor (ntfs-forensic: timestomping, alternate data streams, deleted records, MFT/LogFile tamper checks) — panic-free, fuzzed, no unsafe
- winreg-forensic Public
Windows Registry hive forensics — panic-free reader, artifact decoders, carving & recovery (SecurityRonin fleet)
- srum-forensic Public
SRUM forensics: prove whether a human was at the keyboard. Parse SRUDB.dat on Linux/macOS. Detect malware, exfiltration, and automated execution. Single static Rust binary.
- usnjrnl-forensic Public
The most comprehensive NTFS USN Journal parser: full path reconstruction (CyberCX Rewind), TriForce correlation (MFT + LogFile + UsnJrnl), ghost record recovery, anti-forensics detection, timestomping detection, USN carving, and more.