Still trying to figure out why this works...

Hi there 👋

I'm Tom (he/him), a Digital Forensics and Incident Response (a.k.a. DFIR) engineer based in Zurich, Switzerland. Most of my focus is around tools that aid in incident response, forensics, threat intelligence, malware analysis, automation, and API interaction.

📯 Where to find me

⚡️ Core projects

  • dfTimewolf - a digital forensics pipeline orchestrator. Think CyberChef for APIs! Actively maintained.
  • Yeti platform - a lightweight Threat Intelligence platform. Ramping up the time I'm spending on this.
  • Timesketch - a forensics timeline analysis platform.

👻 Projects I've worked on in the past

  • volatility-autoruns - A plugin for the excellent memory analysis framework Volatility that enumerates auto-start extensibility points (i.e. "persistence") on a system.
  • FIR - Fast incident response - a lightweight incident response platform. Like a ticketing system, but for security incidents.
  • unxor - A fun experiment attacking weaknesses in XOR-based ciphers. Allows you to recover plaintext from any fixed-key XOR ciphertext, as long as you know a chunk of plaintext that is 2x as long as the key (e.g. "This program cannot be run in DOS mode").


  1. Your Everyday Threat Intelligence

    Python 1.3k 259

  2. Fast Incident Response

    Python 1.5k 478

  3. A framework for orchestrating forensic collection, processing and data export

    Python 223 64

  4. Python library to carry out DFIR analysis on the Cloud

    Python 333 77

  5. Autoruns plugin for the Volatility framework

    Python 109 18

  6. unxor Public

    unXOR will search a XORed file and try to guess the key using known-plaintext attacks.

    Python 129 22

266 contributions in the last year