Streamline Digital Evidence Collection with CyberPipe 5.2 CyberPipe, developed for incident response, is a PowerShell script facilitating efficient digital evidence collection in enterprise settings. Recent updates include improved collection methods, capabilities like QuickTriage for faster artifact gathering, and enhanced reliability with advanced error handling. Version 5.2 aims to streamline operations while ensuring forensic integrity and transparency. #DFIR

CyberPipe, a PowerShell script for digital evidence collection, has been updated with enhancements in collection, capabilities, and reliability. New features include intelligent collection with dual disk space validation, a QuickTriage profile, and improved BitLocker recovery. #DFIR

DataTUI
A fast, keyboard‑first terminal data viewer built with Rust and Ratatui. DataTUI lets you explore CSV/TSV, Excel, and SQLite data with tabs, sorting, filtering, SQL (via Polars), and more.
#DFIR

datatui.io

Running EZ Tools Natively on Linux: A Step-by-Step Guide #DFIR
www.sans.org/blog/running...

Release uac-3.1.0 · tclahr/uac Changelog All notable changes to this project will be documented in this file. 3.1.0 (2025-03-20) Highlights Added collection of hidden /etc/ld.so.preload using debugfs and xfs_db tools, enhancing...

UAC (Unix-like Artifacts Collector) v3.1.0 has been released.
Also, my tool for acquiring /etc/ld.so.preload, which is hidden by rootkits, has been merged.
#DFIR #Linux

github.com/tclahr/uac/r...

GitHub - mnrkbys/fjta: FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals, generates timelines, and detects suspicious activities. FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals, generates timelines, and detects suspicious activities. - mnrkbys/fjta

Hi #DFIR community,
I'm excited to announce that I have published my new forensic tool for analyzing journal data from #Linux file systems (EXT4 and XFS).
It’s called Forensic Journal Timeline Analyzer (FJTA).
🔗 github.com/mnrkbys/fjta

This tool requires TSK's develop branch to recognize XFS.

XFS Implementation by eyalgolan1337 · Pull Request #3118 · sleuthkit/sleuthkit this branch is based on #1461. I added a test so we can merge the xfs implementation

Finally, The Sleuth Kit has added support for XFS! I'll try it out later.
github.com/sleuthkit/sl...
#DFIR #Linux

GitHub - tclahr/uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, ... UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD...

#UAC (Unix-like Artifacts Collector) v3.0.0 has been released. Many of my PRs were also merged! #DFIR #Linux

github.com/tclahr/uac