GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → AlecRandazzo → Packrat

AlecRandazzo / Packrat

Licence: MIT license
Live system forensic collector

Programming Languages

go
31211 projects - #10 most used programming language
Makefile
30231 projects

Labels

incident-responseforensicsdfirforensics-investigationsincident-response-toolingedr-toolsets

Projects that are alternatives of or similar to Packrat

RdpCacheStitcher
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+1000%)
Mutual labels:  incident-response, forensics, dfir, incident-response-tooling
INDXRipper
Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+100%)
Mutual labels:  incident-response, forensics, dfir
MEAT
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+531.25%)
Mutual labels:  incident-response, forensics, dfir
Invoke Liveresponse
Invoke-LiveResponse
Stars: ✭ 115 (+618.75%)
Mutual labels:  incident-response, forensics, dfir
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+1300%)
Mutual labels:  incident-response, forensics, dfir
Pypowershellxray
Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+1100%)
Mutual labels:  incident-response, forensics, dfir
CDIR
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+662.5%)
Mutual labels:  incident-response, forensics, dfir
Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+14275%)
Mutual labels:  incident-response, dfir, incident-response-tooling
ir scripts
incident response scripts
Stars: ✭ 17 (+6.25%)
Mutual labels:  incident-response, forensics, dfir
PSTrace
Trace ScriptBlock execution for powershell v2
Stars: ✭ 38 (+137.5%)
Mutual labels:  incident-response, forensics, dfir
uac
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+1525%)
Mutual labels:  incident-response, forensics, dfir
Awesome Incident Response
A curated list of tools for incident response
Stars: ✭ 4,753 (+29606.25%)
Mutual labels:  incident-response, dfir, incident-response-tooling
Ir Rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+1843.75%)
Mutual labels:  incident-response, forensics, dfir
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+181.25%)
Mutual labels:  incident-response, forensics, dfir
Dfir Orc
Forensics artefact collection tool for systems running Microsoft Windows
Stars: ✭ 202 (+1162.5%)
Mutual labels:  incident-response, dfir
Cortex Analyzers
Cortex Analyzers Repository
Stars: ✭ 246 (+1437.5%)
Mutual labels:  incident-response, dfir
Pockint
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Stars: ✭ 196 (+1125%)
Mutual labels:  incident-response, dfir
Scripting
PS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (+193.75%)
Mutual labels:  incident-response, dfir
Threathunt
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (+475%)
Mutual labels:  incident-response, dfir
Information Security Tasks
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (+575%)
Mutual labels:  incident-response, forensics
View All Similar Projects ➔

CircleCI codecov Go Report Card GoDoc contributions welcome

Packrat

Packrat is a forensic collector geared towards augmenting EDR toolsets. Unfortunately, not all EDR toolsets have the capability of collecting forensically relevant files from endpoints. The GoFor Collector looks to remedy that.

Usage

   
Flags:
  --help                         Show context-sensitive help (also try
                                 --help-long and --help-man).
  --debug                        Enable debug mode.
  --all                          Collect all forensic artifacts.
  --mft                          Collect the system drive MFT.
  --mft-all                      Collect all attached volume MFTs.
  --mft-letters=MFT-LETTERS ...  Collect volume MFTs by volume letter.
  --reg                          Collect all registry hives, both system and
                                 user hives.
  --events                       Collect all event logs.
  --browser                      Collect browser history
  --custom-config=CUSTOM-CONFIG  Custom configuration file that will overwrite
                                 built in config.
  --throttle                     This setting will limit the process to a single
                                 thread. This will reduce the CPU load.
  --output=OUTPUT                Specify the name of the output file. If not
                                 specified, the file name defaults to the host
                                 name and a timestamp.

Examples

Collect all the things: forensic-collector.exe --all

Collect just the system drive MFT and export to a custom name zip file: forensic-collector.exe --mft --output out.zip

Collect event logs and registry hives: forensic-collector.exe --events --reg

Use a custom configuration for collection (see example config in config/config.yml): forensic-collector.exe --custom-config config.yml

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].