I'm Tom (he/him), a Digital Forensics and Incident Response (a.k.a. DFIR) engineer based in Zurich, Switzerland. Most of my focus is around tools that aid in incident response, forensics, threat intelligence, malware analysis, automation, and API interaction.
📯 Where to find me
- Keybase - https://keybase.io/tomchop
- Mastodon - @firstname.lastname@example.org
- Twitter - @tomchop_ (don't check this much anymore)
⚡️ Core projects
- dfTimewolf - a digital forensics pipeline orchestrator. Think CyberChef for APIs! Actively maintained.
- Yeti platform - a lightweight Threat Intelligence platform. Ramping up the time I'm spending on this.
- Timesketch - a forensics timeline analysis platform.
👻 Projects I've worked on in the past
- volatility-autoruns - A plugin for the excellent memory analysis framework Volatility that enumerates auto-start extensibility points (i.e. "persistence") on a system.
- FIR - Fast incident response - a lightweight incident response platform. Like a ticketing system, but for security incidents.
- unxor - A fun experiment attacking weaknesses in XOR-based ciphers. Allows you to recover plaintext from any fixed-key XOR ciphertext, as long as you know a chunk of plaintext that is 2x as long as the key! (e.g. "This program cannot be run in DOS mode")