Andrew Rathbun

A repository of DFIR-related Mind Maps geared towards the visual learners!

AndrewRathbun

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts...

AndrewRathbun

A curated list of KAPE-related resources

AndrewRathbun

A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add....

AndrewRathbun

Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!

AndrewRathbun

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

AndrewRathbun

A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life easier with various file management tasks.

AndrewRathbun

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

AndrewRathbun

A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools

AndrewRathbun

A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.

AndrewRathbun