INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-73.77%)
Mutual labels: incident-response, forensics, dfir
ir scripts: incident response scripts
Stars: ✭ 17 (-86.07%)
Mutual labels: incident-response, forensics, dfir
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+113.11%)
Mutual labels: incident-response, forensics, dfir
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+57.38%)
Mutual labels: incident-response, forensics, dfir
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+83.61%)
Mutual labels: incident-response, forensics, dfir
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+154.92%)
Mutual labels: incident-response, forensics, dfir
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-68.85%)
Mutual labels: incident-response, forensics, dfir
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+44.26%)
Mutual labels: incident-response, forensics, dfir
Packrat: Live system forensic collector
Stars: ✭ 16 (-86.89%)
Mutual labels: incident-response, forensics, dfir
Invoke Liveresponse: Invoke-LiveResponse
Stars: ✭ 115 (-5.74%)
Mutual labels: incident-response, forensics, dfir
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-63.11%)
Mutual labels: incident-response, forensics, dfir
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-17.21%)
Mutual labels: incident-response, forensics, dfir
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-67.21%)
Mutual labels: forensics, dfir
hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+644.26%)
Mutual labels: forensics, dfir
Imago Forensics: Imago is a Python tool that extracts digital evidence from images.
Stars: ✭ 175 (+43.44%)
Mutual labels: incident-response, dfir
Pockint: A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (+60.66%)
Mutual labels: incident-response, dfir
Dfir Orc: Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+65.57%)
Mutual labels: incident-response, dfir
Vast: 🔮 Visibility Across Space and Time
Stars: ✭ 227 (+86.07%)
Mutual labels: incident-response, dfir
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+90.16%)
Mutual labels: incident-response, dfir
Thehive: TheHive, a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+1785.25%)
Mutual labels: incident-response, dfir