Related projects sharing the incident-response label (GitHub star counts as recorded on the page):

RdpCacheStitcher (176 stars): a tool that supports forensic analysts in reconstructing useful images from RDP bitmap cache files.
PowerGRR (52 stars): an API client library in PowerShell, working on Windows, Linux and macOS, for GRR automation and scripting.
Docker-Templates (71 stars): Docker configurations for TheHive, Cortex and third-party tools.
MEAT (101 stars): a toolkit that helps forensic examiners perform different kinds of acquisitions on iOS devices.
wazuh-packages (54 stars): Wazuh tools for package creation.
yara-exporter (22 stars): exports MISP event attributes as YARA rules usable with the THOR APT scanner.
Evilize (24 stars): parses Windows event log files based on the SANS poster.
MindMaps (224 stars): #ThreatHunting #DFIR #Malware #Detection mind maps.
uac (260 stars): UAC is a live response collection script for incident response that uses native binaries and tools to automate artifact collection on AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
iris-web (560 stars): collaborative incident response platform.
INDXRipper (32 stars): carves file metadata from NTFS index ($I30) attributes.
CDIR (122 stars): CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool built on open-source tools and libraries.
ThePhish (676 stars): an automated phishing email analysis tool.
LinuxCatScale (143 stars): incident response collection and processing scripts with automated reporting.
macOS-ir (16 stars): prototype to collect data from a compromised macOS device and analyse it.
MemProcFS-Analyzer (89 stars): automated forensic analysis of Windows memory dumps for DFIR.
PSTrace (38 stars): traces ScriptBlock execution for PowerShell v2.
wazuh-ansible (166 stars): Wazuh Ansible playbook.