Projects

Here are some personal and professional projects I created and/or contribute to.

   SMS Backup and Restore Parser —  / Go / —  Parses XML output from SMS Backup & Restore Android app.
   BUP Summary —  / Python / —  Gathers summary details from multiple McAfee BUP files. In other words, "unbup all the things, but just get some data."
   Clop ransomware embedded resource deobfuscator —  / C C++ Python / —  Decodes obfuscated resources embedded in Clop ransomware.
   Simple EXIF Reader —  / C# WinForms / —  This is an image/movie metadata reader that provides a simplistic GUI interface to the MetadataExtractor .NET library. It features a one-click link to Google Maps for embedded location data.
   macOS triage —  / Python / —  macOS triage is a python script to collect various macOS logs, artifacts, and other data.
   Google Analytics Domain Hash Calculator —  / C# WinForms / —  Calculates Google Analytics domain hash given domain name and provides simple GUI for ease of use (but is only good for calculating one at a time).
   gadhash —  / C++ Boost / —  Calculates Google Analytics domain hash given domain(s). This is the more robust and faster CLI counterpart to the Google Analytics Domain Hash Calculator. I also posted a "rainbow table" of hashed domains in this repository using the Cisco Umbrella Popularity List (top 1 million domains).
   annotationis —  This is a central repository I use for storing notes and documentation on various OS internals and DFIR knowledge.
   Log2ELK —  / Python wxPython Elasticsearch / —  CLOSED SOURCE // Intellectual property of KPMG LLP // Parses Windows event logs and ingests parsed data into Elasticsearch. Saved searches for Kibana were also created by our team to automate common searches for lateral movement, pass-the-hash activity, failed logons, antivirus events, etc. This is a standalone tool that our team continues to maintain, and this functionality has also been incorporated into KPMG Digital Responder (KDR).
   KPMG Digital Responder (KDR) —  / Python wxPython Elasticsearch C C++ PowerShell JavaScript D3 / —  CLOSED SOURCE // Intellectual property of KPMG LLP // Automated digital forensic collection tool, multi-threaded parsing engine, and reporting.