nongiach/forensics tools to try

## forensics tools to try
https://github.com/mozilla/mig/ Distributed & real time digital forensics at the speed of the cloud http://mig.mozilla.org/
https://github.com/fireeye/flare-floss FireEye Labs Obfuscated String Solver
https://github.com/EricZimmerman/bstrings A better strings utility!
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf

https://github.com/kevthehermit/VolUtility VolUtility - Web App for Volatility framework
KeeFarce - Extract KeePass passwords from memory
https://github.com/JPCERTCC/LogonTracer

https://github.com/google/timesketch


monitor created directories
https://www.raymond.cc/blog/3-portable-tools-monitor-files-folders-changes/
procmon: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

https://cyberwardog.blogspot.com/
https://docs.microsoft.com/fr-fr/sysinternals/
https://github.com/olafhartong/sysmon-modular
https://github.com/olafhartong/ThreatHunting

https://blogs.jpcert.or.jp/en/2017/06/1-ae0d.html
https://www.google.com/search?q=wmi+forensics+github&source=lnms&sa=X&ved=0ahUKEwjn2uaowZbgAhWzD2MBHRO6DpwQ_AUICSgA&biw=1536&bih=722&dpr=1.25
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf
https://www.jpcert.or.jp/english/pub/sr/Detecting%20Lateral%20Movement%20through%20Tracking%20Event%20Logs_version2.pdf

https://twitter.com/matthewdunwoody/status/1091462541341949952
https://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg
https://www.hecfblog.com/2018/12/daily-blog-571-forensic-lunch-test.html
https://www.youtube.com/watch?v=y-xtRkwaP2g
https://wiki.sleuthkit.org/index.php?title=TSK_Library_User%27s_Guide
	https://github.com/mozilla/mig/ Distributed & real time digital forensics at the speed of the cloud http://mig.mozilla.org/
	https://github.com/fireeye/flare-floss FireEye Labs Obfuscated String Solver
	https://github.com/EricZimmerman/bstrings A better strings utility!
	https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf

	https://github.com/kevthehermit/VolUtility VolUtility - Web App for Volatility framework
	KeeFarce - Extract KeePass passwords from memory
	https://github.com/JPCERTCC/LogonTracer

	https://github.com/google/timesketch



	monitor created directories
	https://www.raymond.cc/blog/3-portable-tools-monitor-files-folders-changes/
	procmon: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

	https://cyberwardog.blogspot.com/
	https://docs.microsoft.com/fr-fr/sysinternals/
	https://github.com/olafhartong/sysmon-modular
	https://github.com/olafhartong/ThreatHunting

	https://blogs.jpcert.or.jp/en/2017/06/1-ae0d.html
	https://www.google.com/search?q=wmi+forensics+github&source=lnms&sa=X&ved=0ahUKEwjn2uaowZbgAhWzD2MBHRO6DpwQ_AUICSgA&biw=1536&bih=722&dpr=1.25
	https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf
	https://www.jpcert.or.jp/english/pub/sr/Detecting%20Lateral%20Movement%20through%20Tracking%20Event%20Logs_version2.pdf

	https://twitter.com/matthewdunwoody/status/1091462541341949952
	https://www.youtube.com/channel/UCZ7mQV3j4GNX-LU1IKPVQZg
	https://www.hecfblog.com/2018/12/daily-blog-571-forensic-lunch-test.html
	https://www.youtube.com/watch?v=y-xtRkwaP2g
	https://wiki.sleuthkit.org/index.php?title=TSK_Library_User%27s_Guide