Eric Zimmerman presented a tool for parsing ActivitiesCache.db, which contains Windows 10 Timeline data. You can learn how to use it here and download the tool here.

Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring solutions based on how well they detect advanced persistent threats. You can learn more about the script here.

Dshell is an extensible network forensic analysis framework, that enables rapid development of plugins to support the dissection of network packet captures. It’s key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Learn more about it at GitHub.

If you are looking for a SIFT replacement and already have a Debian workstation, this package is for you. Forensics-full package will help you to get everything you need to perform a first class digital forensic examination. Worth a try!

The first beta Linux version of your favourite open source DFIR tool Autopsy. You can download it here. Now the tool has the following known limitations: Multi-user cases are not supported Local drives cannot be analyzed VMDK / VHDI images not supported Dead JAR issues if you ever run as ‘root’. Other users can’t overwrite one of the .so files. …

Jason Hale has presented his USB Detective tool in this post. USB Detective aims to ease the burden on the examiner by visually distinguishing attributes with inconsistent timestamps from those with multiple corroborating sources. You can download free community version of the tool or buy professional version here.

Polito Inc. has partnered with ReversingLabs (RL) and has developed a plugin extension called ReversingLabs Lookup Utility for Autopsy. You can download the plugin from their GitHub repo. Also, you can learn more about the plugin and its installation steps here.

The Sleuth Kit and Autopsy 4.6.0 are available for downloading. Here are the lists of new features: The Sleuth Kit New Communications related Java classes and database tables Java build updates for Autopsy Linux build Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database Increased cache sizes Lots of bounds checking fixes from Google’s …

Threat Hunting Reconnaissance Toolkit or THRecon is a collection of PowerShell scripts by Tony Phipps, which can be very useful during live response. You can fast and easily collect such important artifacts, as autoruns, event logs, USB devices, services, scheduled tasks, etc. You can download the toolkit here.

PcapXray is a network forensics tool for visualizing packet captures offline as network diagrams including device identification, highlighting important communication and file extraction. You can learn more about the tool and download it here.