Hands-on projects for beginners to learn and practice Windows forensics and essential cybersecurity skills
Updated
Jun 29, 2024
Cross-platform registry browser for raw Windows registry files
ExeSpy is a cross-platform PE viewer for EXE and DLL files
Windows forensics Engine
Vault of Windows Registry forensic artifacts
Tools and Techniques for Digital Forensics and Incident Response
Command Spy is a utility for monitoring the command line arguments of new processes on Windows. Made for CCDC.
Python module for forensic analysis of Windows shortcuts (LNK files). You can install this package with `pip install lnkanalyser`.
A DFIR Incident Response AI bot using a local Ollama LLM to derive automated findings from logs.
When conducting an investigation on a Windows machine there are 8 phases to go through; today we'll discuss the first, 'Collecting Volatile Information', and the rest will be explained in future topics.
AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).
RDP Bitmap Cache Parser: a lightweight forensic utility to extract and reconstruct images from RDP Bitmap Cache (bmc, bin, dat) files. Useful for identifying visual remnants of a remote desktop session, even after it ends. Ideal for forensic investigations and RDP activity analysis.
FAEP is an automated tool to extract and parse forensic artifacts from .E01 images automatically, with a clean GUI and minimal manual effort.
Blue-team portfolio: SOC detection engineering, malware analysis, vulnerability management.
Universal Windows Forensic Environment (WinFE) with Intel RAID & VMD support for modern Intel systems (8th–15th Gen), enabling forensic-safe detection of NVMe and RAID storage.
Gives you the list of storage devices that have been connected to your Windows machine.
Repository for my journey through the CDAC Windows Forensics Analysis Bootcamp. Covers forensic evidence acquisition, Windows Registry analysis, Event Logs, memory forensics, timeline analysis, and other digital investigation concepts.
A PowerShell script for live forensic data collection on Windows. No external dependencies required.
In this second case study of the structured IOC triage series, we examined a subtle but dangerous host-based compromise involving the abuse of the Windows utility `rundll32.exe` to execute a malicious DLL payload.
This journal documents my progress and learnings from different TryHackMe rooms. Each entry contains key takeaways, commonly used commands, and practical applications. My experience with TryHackMe has enhanced my understanding of Linux and Windows fundamentals, network protocols, incident handling, and log analysis.