Skip to content
View tomchop's full-sized avatar

Block or report tomchop

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
tomchop/README.md

Hi there 👋

I'm Tom (he/him), a Digital Forensics and Incident Response (a.k.a. DFIR) engineer based in Zurich, Switzerland. Most of my focus is around tools that aid in incident response, forensics, threat intelligence, malware analysis, automation, and API interaction.

tomchops's GitHub stats

📯 Where to find me

⚡️ Core projects

  • dfTimewolf - a digital forensics pipeline orchestrator. Think CyberChef for APIs! Actively maintained.
  • Yeti platform - a lightweight Threat Intelligence platform. Ramping up the time I'm spending on this.
  • Timesketch - a forensics timeline analysis platform.

📦 Projects I've worked on in the past

  • volatility-autoruns - A plugin for the excellent memory analysis framework Volatility that enumerates auto-start extensibility points (i.e. "persistence") on a system.
  • FIR - Fast incident response - a lightweight incident response platform. Like a ticketing system, but for security incidents.
  • unxor - A fun experiment attacking weaknesses in XOR-based ciphers. Allows you to recover plaintext from any fixed-key XOR ciphertext, as long as you know a chunk of plaintext that is 2x as long as the key! (e.g. This program cannot be run in DOS mode)
  • malcom - Malcom - Malware Communications Analyzer - network traffic analysis and threat intelligence in the browser.

Pinned Loading

  1. yeti-platform/yeti yeti-platform/yeti Public

    Your Everyday Threat Intelligence

    Python 1.8k 291

  2. certsocietegenerale/FIR certsocietegenerale/FIR Public

    Fast Incident Response

    JavaScript 1.7k 505

  3. log2timeline/dftimewolf log2timeline/dftimewolf Public

    A framework for orchestrating forensic collection, processing and data export

    Python 296 72

  4. google/cloud-forensics-utils google/cloud-forensics-utils Public

    Python library to carry out DFIR analysis on the Cloud

    Python 465 88

  5. volatility-autoruns volatility-autoruns Public

    Autoruns plugin for the Volatility framework

    Python 118 20

  6. unxor unxor Public

    unXOR will search a XORed file and try to guess the key using known-plaintext attacks.

    Python 141 22