Kjean13/ADFT
Active Directory Forensic Toolkit : Detect & reconstruct AD attacks from Windows event logs (EVTX)
2 Releases
Latest: 3mo ago
ADFT v1.0.1 - PowerShell template refinement (v1.0.1, Latest)
📋 Changed
- Refined generated PowerShell templates for `HARD-001`, `HARD-010`, and `HARD-012`
- Reduced unnecessary AD query scope in post-analysis scripts
- Made privileged group recursion opt-in
- Replaced broad recent-user enumeration with server-side LDAP filtering
📦 Impact
- Safer PowerShell outputs for large AD environments
- Better alignment with ADFT’s analysis-first / remediation-second design
ADFT v1.0.0 - Initial public release (v1.0.0)
📦 ADFT v1.0.0
- Initial public release of ADFT - Active Directory Forensic Toolkit.
📦 Highlights
- Offline investigation workflow for Windows / AD / SIEM-oriented datasets
- EVTX support through `python-evtx`
- Deterministic detection engine with rulepack v1
- Correlation and reconstruction pipeline
- Reporting exports in HTML / JSON / CSV
- Integrity and validation artifacts
- Interactive GUI with:
  - bilingual FR / EN switch
  - 5 more items (not listed on this page)
📦 Packaging
- Official installation path via `install_adft.sh`
- `pyproject.toml` as packaging source of truth
- `requirements-dev.txt` reserved for development and testing
- Prebuilt packaged GUI included in `adft/webui_dist`
📦 Validation status
- Release validation completed on the packaged build:
  - installation OK
  - CLI investigation OK
  - GUI launch OK
  - EVTX dependency OK
  - demo dataset processing OK
📦 Notes
- This release is intended for:
  - lab usage
  - demonstrations
  - early community feedback
- License: MIT
