I'm Tom (he/him), a Digital Forensics and Incident Response (a.k.a. DFIR) engineer based in Zurich, Switzerland. Most of my focus is around tools that aid in incident response, forensics, threat intelligence, malware analysis, automation, and API interaction.
- Bluesky - @tomchop.me
- Mastodon - @[email protected]
- Keybase - https://keybase.io/tomchop
- tomchop.me - Personal website, let's see if I ever start writing something there...
- Yeti platform - a lightweight Threat Intelligence platform. Ramping up the time I'm spending on this.
- DFIQ - a repository of Digital Forensics Investigative Questions, bundled in a nice YAML format for consumption by automated tools.
- Timesketch - a forensics timeline analysis platform.
- dfTimewolf - a digital forensics pipeline orchestrator. Think CyberChef for APIs! Actively maintained.
- OpenRelik Volatility worker - A volatility3 worker for OpenRelik
- OpenRelik Yara worker - A Yara scanner worker for OpenRelik. Can feed off third-party systems like Yeti.
- cloud-forensics-utils - Python library to interact with various cloud services and facilitate forensics-related actions (e.g. disk copying).
- volatility-autoruns - A plugin for the excellent memory analysis framework Volatility that enumerates auto-start extensibility points (i.e. "persistence") on a system.
- FIR - Fast incident response - a lightweight incident response platform. Like a ticketing system, but for security incidents.
- unxor - A fun experiment attacking weaknesses in XOR-based ciphers. Allows you to recover plaintext from any fixed-key XOR ciphertext, as long as you know a chunk of plaintext that is 2x as long as the key! (e.g. `This program cannot be run in DOS mode`)
- malcom - Malcom - Malware Communications Analyzer - network traffic analysis and threat intelligence in the browser.
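The unxor entry above rests on a classic known-plaintext property of repeating-key XOR, which is why it matters to anyone unpacking XOR-obfuscated payloads in malware analysis. The Python below is an added illustration, not the unxor project's own code: it slides a known plaintext chunk (the crib) over the ciphertext, and at the correct offset the XOR of crib and ciphertext is the raw keystream, which repeats with the key's period. A crib of at least twice the key length is what lets every key byte be observed twice, so the period can be confirmed rather than guessed. The DOS-stub header, the key `s3cr3t` and the crib are constructed sample data.

```python
"""Known-plaintext key recovery for repeating-key XOR.

Added example, not the unxor project's code. The header fragment,
the key and the crib below are constructed sample data.
"""
from typing import Optional, Tuple


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def smallest_period(stream: bytes, max_period: int) -> Optional[int]:
    """Return the smallest n <= max_period with stream[i] == stream[i + n] for
    every i, or None. With max_period <= len(stream) // 2 each of the n key
    positions is compared at least once; a crib shorter than twice the key
    length leaves some positions unchecked, so the period cannot be confirmed."""
    for n in range(1, max_period + 1):
        if all(stream[i] == stream[i + n] for i in range(len(stream) - n)):
            return n
    return None


def recover_key(ciphertext: bytes, crib: bytes) -> Optional[Tuple[int, bytes]]:
    """Slide the crib over the ciphertext. At the true offset, crib XOR
    ciphertext is the keystream and a short period fits; at wrong offsets the
    result is effectively noise. Returns (offset, key), with the key rotated
    so that it applies from ciphertext position 0."""
    window = len(crib)
    max_period = window // 2
    for offset in range(len(ciphertext) - window + 1):
        stream = bytes(c ^ p for c, p in zip(ciphertext[offset:offset + window], crib))
        n = smallest_period(stream, max_period)
        if n is None:
            continue
        # stream[i] == key[(offset + i) % n], hence key[m] == stream[(m - offset) % n]
        key = bytes(stream[(m - offset) % n] for m in range(n))
        return offset, key
    return None


# Constructed sample: a fake DOS-stub header, a 6-byte key, and the familiar
# stub string as the crib (38 bytes >= 2 * 6, so the period can be confirmed).
KEY = b"s3cr3t"
SAMPLE_PLAINTEXT = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"!This program cannot be run in DOS mode.\r\n$"
) + b"\x00" * 16
CRIB = b"This program cannot be run in DOS mode"
CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, KEY)


def demo() -> Tuple[int, bytes, bytes]:
    """Recover the key from the constructed sample and decrypt the whole blob."""
    result = recover_key(CIPHERTEXT, CRIB)
    if result is None:
        raise ValueError("crib not found, or shorter than twice the key length")
    offset, key = result
    return offset, key, xor_bytes(CIPHERTEXT, key)


if __name__ == "__main__":
    found_offset, found_key, plaintext = demo()
    print(f"crib found at offset {found_offset}, key = {found_key!r}")
    print(plaintext)
```

If the key itself is periodic (say `abab`), the shortest period wins and the equivalent shorter key is returned, which decrypts identically. Passing a crib shorter than twice the key length makes `recover_key` return `None` rather than a wrong key, which is the failure mode the "2x as long as the key" condition guards against.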