Releases: ForensicFoundry/ualforge
2026.05.01
ualforge
Parse Microsoft 365 Unified Audit Log (UAL) CSV exports into a single
SQLite database optimized for digital-forensic and business-email-compromise
(BEC) investigations.
Every row of every CSV export is preserved verbatim, the JSON auditData
blob is stored both raw (byte-for-byte) and in canonical form, and a wide
set of BEC-relevant fields is promoted into indexed and normalized
columns for fast querying. Re-ingesting the same data is safe: full-row
SHA-256 hashes are used as the deduplication key.
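The ingest pattern described above (full-row hash as the deduplication key, AuditData kept raw and canonical, one field promoted to an indexed column), as an added example that is not ualforge's own code or schema. The table layout, the column names `CreationDate`/`UserIds`/`Operations`/`AuditData`, the unit-separator hashing and the choice of `ClientIP` as the promoted field are assumptions, and the CSV rows are constructed.

```python
import csv, hashlib, io, json, sqlite3

# Constructed sample export (not real tenant data); column names are assumed.
SAMPLE_CSV = '''CreationDate,UserIds,Operations,AuditData
2026-04-02T10:15:00Z,alice@example.com,New-InboxRule,"{""Operation"": ""New-InboxRule"", ""ClientIP"": ""203.0.113.7"", ""UserId"": ""alice@example.com""}"
2026-04-02T10:16:30Z,alice@example.com,MailItemsAccessed,"{""UserId"": ""alice@example.com"", ""ClientIP"": ""203.0.113.7"", ""Operation"": ""MailItemsAccessed""}"
'''

SCHEMA = """
CREATE TABLE IF NOT EXISTS ual_rows (
    row_sha256 TEXT PRIMARY KEY,   -- dedup key over the whole CSV row
    creation_date TEXT, user_id TEXT, operation TEXT,
    audit_raw TEXT,                -- AuditData as it came out of the CSV field
    audit_canonical TEXT,          -- sorted keys, compact separators
    client_ip TEXT                 -- promoted from AuditData for indexing
);
CREATE INDEX IF NOT EXISTS idx_ual_client_ip ON ual_rows(client_ip);
"""

def row_hash(fields):
    # Unit separator keeps ("a,b", "c") distinct from ("a", "b,c").
    return hashlib.sha256("\x1f".join(fields).encode("utf-8")).hexdigest()

def ingest(conn, csv_text):
    """Insert rows, skipping any whose full-row hash is already stored."""
    conn.executescript(SCHEMA)
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    added = 0
    for fields in reader:
        rec = dict(zip(header, fields))
        raw = rec["AuditData"]
        try:
            parsed = json.loads(raw)
            canonical = json.dumps(parsed, sort_keys=True, separators=(",", ":"))
        except ValueError:
            parsed, canonical = {}, None   # malformed JSON: keep the raw blob only
        if not isinstance(parsed, dict):
            parsed = {}                    # nothing to promote from a non-object
        cur = conn.execute(
            "INSERT OR IGNORE INTO ual_rows VALUES (?,?,?,?,?,?,?)",
            (row_hash(fields), rec["CreationDate"], rec["UserIds"], rec["Operations"],
             raw, canonical, parsed.get("ClientIP")))
        added += cur.rowcount              # 0 when the hash already exists
    conn.commit()
    return added
```

Calling `ingest` twice on the same export adds rows only the first time, which is the property that makes overlapping or repeated exports safe to load.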
The companion script bec-triage consumes this database to produce a BEC triage report.
See the bec-triage repo.