Top 127 dfir open source projects

Timeline of Active Directory changes with replication metadata

Automate the creation of a lab environment complete with security tooling and logging best practices

Cortex Analyzers Repository

DFIRTrack - The Incident Response Tracking Application

🔮 Visibility Across Space and Time

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

A knowledge base of actionable Incident Response techniques

Query and report user logons relations from MS Windows Security Events

Test Blue Team detections without running any attack.

Misc Threat Hunting Resources

Forensics artefact collection tool for systems running Microsoft Windows

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Python script to decode common encoded PowerShell scripts

Everything related to Linux Forensics

Open Source EDR for Windows

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Imago is a python tool that extract digital evidences from images.

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Loki - Simple IOC and Incident Response Scanner

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Python API Client for TheHive

Investigate malicious Windows logon by visualizing and analyzing Windows event log

All-in-one bundle of MISP, TheHive and Cortex

Collaborative forensic timeline analysis

Tools for the Computer Incident Response Team 💻

Indicator Extractor

Invoke-LiveResponse

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A port of Kaitai to the Hiew hex editor

A curated list of awesome forensic analysis tools and resources

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

VirusTotal Wanna Be - Now with 100% more Hipster

Windows Events Attack Samples

A repository of sysmon configuration modules

Signature base for my scanner tools

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

Event Trace Log file parser in pure Python

Smart OSINT collection of common IOC types

Automagically extract forensic timeline from volatile memory dump

PS / Bash / Python / Other scripts For FUN!

Your Everyday Threat Intelligence

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Malcom - Malware Communications Analyzer

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

CIRCL system forensic tools or a jumble of tools to support forensic

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Python API Client for Cortex

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Educational, CTF-styled labs for individuals interested in Memory Forensics

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Cortex: a Powerful Observable Analysis and Active Response Engine

A list of cyber-chef recipes and curated links

Web browser forensics for Google Chrome/Chromium

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Automation and Scaling of Digital Forensics Tools

Extract and aggregate threat intelligence.

A curated list of tools for incident response

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.