Kjean13 / ADFT

ADFT v1.0 --- Active Directory Forensic Toolkit

Found Mar 21, 2026 at 47 stars.
AI Summary

ADFT is an offline toolkit that ingests Windows and Active Directory logs, performs deterministic threat detection and correlation, reconstructs attack timelines, scores exposure risks, and generates hardening recommendations with an integrated local web interface.

How It Works

1. 📂 Discover ADFT: You learn about a helpful tool for checking suspicious activity in logs from Windows hosts or the network.

2. 🛠️ Set it up easily: Run one simple command to install everything on your computer, with no hassle needed.

3. 📁 Gather your clues: Collect your log files from workstations or servers and point the tool at them.

4. 🚀 Launch the investigation: Hit go and watch it automatically scan, detect threats, and build a clear picture of what happened.

5. 📊 Explore the dashboard: Open the friendly web view to see timelines, risky spots, and attack paths laid out simply.

6. 🛡️ Get security fixes: Review easy advice and ready-made steps to lock down weak points and prevent repeats.

Stay protected: Your logs are analyzed, risks scored, and fixes ready; your systems are safer now.

AI-Generated Review

What is ADFT?

ADFT v1.0 is a Python-based Active Directory forensic toolkit that ingests exported Windows logs in formats such as EVTX, JSONL, YAML, CEF, and ZIP and converts them to a canonical JSONL format for offline analysis. It runs 34 deterministic detection rules targeting AD compromise techniques such as Kerberos abuse, privilege escalation, and ransomware precursors, then correlates the alerts, scores AD exposure, reconstructs timelines and attack paths, and writes HTML/JSON/CSV reports plus ATT&CK Navigator layers. The CLI exposes commands such as `adft investigate logs -o reports` and `adft ui`, the latter launching an integrated local web UI for interactive graphing and hardening script exports.

Why is it gaining traction?

It stands out for fully offline AD forensics with no SIEM dependency, handling real-world post-SIEM exports, whether from large-scale breach hunts or ADFS token issues. The deterministic pipeline delivers explainable outputs (risk scores, entity graphs, and PowerShell remediation zips) faster than manual Sigma parsing or Elastic queries. Developers like the one-shot `install_adft.sh --run-demo` setup with ransomware samples, which ties the toolkit's name (Active Directory Forensic Toolkit) to practical DFIR work.

Who should use this?

Incident responders triaging AD logs from SIEM dumps or EVTX exports during Active Directory investigations. SOC analysts chasing ADFS token lifetime anomalies, token signing certificate renewal gaps, or post-exploitation activity such as DCShadow/DCSync. Blue teams needing quick hardening after an investigation uncovers hygiene gaps.

Verdict

Grab it for targeted AD triage if you have Python 3.11+ and the EVTX dependencies; docs and demos are solid, although 47 stars and 1.0% credibility signal early v1.0 maturity. Skip it for enterprise scale if you need cloud integrations; otherwise, it's a lightweight win for offline forensic workflows.

