Skip to content
View sltcnb's full-sized avatar
🏠
I may be working
🏠
I may be working
  • France

Block or report sltcnb

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sltcnb/README.md

sltcnb

Security engineer building open-source DFIR and incident-response tooling — from acquisition to a searchable, detection-rich case.

Most of my public work is a suite of standalone forensic tools that share contracts and normalize everything to Elastic Common Schema (ECS) v8, so they compose but also stand on their own.


DFIR suite

Project What it does
citadel DFIR platform composing the tools below — acquire, ingest, parse, normalize, detect, analyze, and report a case end to end.
cumulonimbus Cloud forensics & IR toolkit — collects and normalizes AWS, Azure, GCP, and Kubernetes logs to ECS v8.
mneme Memory forensics automation on top of Volatility3 — orchestration, malware detection, timeline, ECS/STIX export.
triager Cross-OS forensic acquisition agent — collects host/image/device artifacts into a signed, content-addressed bundle.
carvX Signature-based file carver for disk images and block devices — recovers deleted files with no filesystem metadata.
atktimeline Self-hosted attack timeline builder mapping events to MITRE ATT&CK.

Other

Project What it does
planX Native macOS task manager — Kanban, dependency graph, and time tracking (SwiftUI / SwiftData).

Stack

Python · Elasticsearch · Sigma · ECS · STIX · MITRE ATT&CK · Docker · Kubernetes · React · SwiftUI

Focus

Incident response · cloud & memory forensics · artifact acquisition · detection engineering

Pinned Loading

  1. citadel citadel Public

    DFIR platform composing standalone forensic tools — acquire, ingest, parse, normalize to ECS, detect, analyze, and report a case end to end.

    Python 1

  2. triager triager Public

    Cross-OS forensic acquisition agent — walks a live host, mounted volume, disk image, or raw device and gathers artifacts into a signed, content-addressed bundle (Windows/Linux/macOS).

    Python

  3. mneme mneme Public

    Mneme — memory forensics toolkit built on Volatility3: orchestration, malware detection, timeline, ECS/STIX export. Part of the DFIR suite.

    Python

  4. carvX carvX Public

    Signature-based file carver for disk images and block devices — recovers deleted files with no filesystem metadata. Pure Python 3.10+, stdlib only.

    Python

  5. cumulonimbus cumulonimbus Public

    Cloud forensics & IR toolkit — collect/parse/normalize AWS, Azure, GCP & Kubernetes logs to ECS v8

    Python

  6. atktimeline atktimeline Public

    Self-hosted attack timeline builder mapping events to MITRE ATT&CK — Flask + PostgreSQL, deployable via Docker Compose or Kubernetes.

    Python