Own tools

| Tool | Description | Language | Article |
|---|---|---|---|
| Masstin | Lateral movement analysis — parses 30+ Windows Event IDs, Linux logs, Winlogbeat and Cortex XDR into a unified timeline with Neo4j and Memgraph visualization | Rust | Read → |
| vshadow-rs | Pure Rust parser for Windows Volume Shadow Copy (VSS) — inspect, list and extract files from VSS snapshots in E01/dd forensic images, cross-platform | Rust | Read → |
| Sabonis | DFIR pivoting on forensic artifacts — EVTX, PCAP and Squid proxy logs with Neo4j integration | Python | Read → |

Contributed tools

| Tool | Description | Author | Article |
|---|---|---|---|
| Persistence Boromir | Detection of 24 Windows persistence mechanisms with timeline generation | Alejandro Gamboa (AI3xGP) | Read → |