catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+333.33%)
Thehivedocs: Documentation of TheHive
Stars: ✭ 353 (+1580.95%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+52.38%)
Memlabs: Educational, CTF-styled labs for individuals interested in memory forensics
Stars: ✭ 696 (+3214.29%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+4547.62%)
Awesome Forensics: A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+8352.38%)
Linuxforensics: Everything related to Linux forensics
Stars: ✭ 189 (+800%)
Kuiper: Digital Forensics Investigation Platform
Stars: ✭ 257 (+1123.81%)
Thehive4py: Python API client for TheHive
Stars: ✭ 143 (+580.95%)
Dfirtrack: DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+1004.76%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+566.67%)
MemProcFS-Analyzer: MemProcFS-Analyzer - Automated forensic analysis of Windows memory dumps for DFIR
Stars: ✭ 89 (+323.81%)
Thehive: TheHive: a scalable, open source and free security incident response platform
Stars: ✭ 2,300 (+10852.38%)
Forensic Tools: CIRCL system forensic tools, or a jumble of tools to support forensics
Stars: ✭ 27 (+28.57%)
Cortex: Cortex: a powerful observable analysis and active response engine
Stars: ✭ 676 (+3119.05%)
Opensource-Endpoint-Monitoring: This repository contains all the config files and scripts used for our Open Source Endpoint Monitoring project.
Stars: ✭ 30 (+42.86%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (+71.43%)
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (+104.76%)
WindowsDFIR: Repository for different Windows DFIR related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or events.
Stars: ✭ 51 (+142.86%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+2704.76%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+1380.95%)
IRScripts: Incident response scripts
Stars: ✭ 29 (+38.1%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+1233.33%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-19.05%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (+214.29%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+1585.71%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (+2847.62%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (+57.14%)
factual-rules-generator: Factual-rules-generator is an open source project which aims to generate YARA rules about software installed on a machine.
Stars: ✭ 62 (+195.24%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+1466.67%)
decwindbx: A toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (+4.76%)
Turbinia: Automation and scaling of digital forensics tools
Stars: ✭ 461 (+2095.24%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+1200%)
calamity: A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (+14.29%)
fastfinder: Incident response - fast suspicious file finder
Stars: ✭ 116 (+452.38%)
Python Iocextract: Defanged Indicator of Compromise (IOC) extractor.
Stars: ✭ 300 (+1328.57%)
CASE: Cyber-investigation Analysis Standard Expression (CASE) ontology
Stars: ✭ 46 (+119.05%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+2542.86%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+13976.19%)
Whatfiles: Log what files are accessed by any Linux process
Stars: ✭ 800 (+3709.52%)
pyaff4: The Python implementation of the AFF4 standard.
Stars: ✭ 37 (+76.19%)
Lolbas: Living Off The Land Binaries And Scripts (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+18042.86%)
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database
Stars: ✭ 23 (+9.52%)
ForensicsTools: A list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (+1766.67%)
Threatingestor: Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1990.48%)
Attackdatamap: A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+1157.14%)
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (+61.9%)
yara-validator: Validates YARA rules and tries to repair the broken ones.
Stars: ✭ 37 (+76.19%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (+138.1%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+266.67%)
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome & Firefox extension
Stars: ✭ 257 (+1123.81%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+2004.76%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (+4.76%)
Yobi: YARA-based detection engine for web browsers
Stars: ✭ 39 (+85.71%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (+4.76%)
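Several entries above (Python Iocextract, Threatingestor, DFIRRegex) deal with pulling indicators out of analyst-written text, where IOCs are usually "defanged" (hxxp://, [.], (dot), [at]) so that a report cannot be clicked. The block below is an added example, not code from the python-iocextract project or any other project listed here; it shows the core of such an extractor: undo the common defanging conventions, then match URLs, IPv4 addresses, domains and e-mail addresses, and finally flag which indicators appeared only in defanged form (a useful signal that the analyst considered them hostile). The sample text, the refang rules and the regular expressions are this example's own assumptions; the addresses and domains are from the reserved RFC 5737 / RFC 2606 ranges.

```python
"""Refang and extract defanged IOCs from analyst text (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample input for this example (reserved RFC 5737 / RFC 2606 names).
SAMPLE_TEXT = """\
Beacon observed to hxxp://evil-c2[.]example[.]com/gate.php
Secondary host 192[.]0[.]2[.]44 on port 8443 (hxxps://192[.]0[.]2[.]44:8443/)
Phishing sender: mallory[at]badmail(dot)example(dot)net
Benign reference: https://www.example.org/report.pdf
"""

# Common defanging conventions, undone in this order (bracketed separators first,
# then the hxxp scheme). This list is an assumption of the example, not a standard.
_REFANG_RULES = [
    (re.compile(r"\[://\]"), "://"),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)|\{dot\}", re.I), "."),
    (re.compile(r"\[at\]|\(at\)|\{at\}", re.I), "@"),
    (re.compile(r"\bhxxp(s?)://", re.I), r"http\1://"),
]

_URL_RE = re.compile(r"https?://[^\s\"'<>()]+", re.I)
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(text: str) -> str:
    """Turn defanged text back into clickable/matchable form."""
    for pattern, replacement in _REFANG_RULES:
        text = pattern.sub(replacement, text)
    return text


def _valid_ipv4(candidate: str) -> bool:
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def extract_iocs(text: str) -> dict:
    """Return sorted URLs, IPv4 addresses, domains and e-mails found in text."""
    clean = refang(text)
    # URLs first; strip trailing sentence punctuation the regex may have swallowed.
    urls = {u.rstrip(".,;") for u in _URL_RE.findall(clean)}
    hosts = {h for h in (urlparse(u).hostname for u in urls) if h}
    # Blank out URLs so path components such as gate.php are not taken for domains.
    remainder = _URL_RE.sub(" ", clean)
    emails = {e.lower() for e in _EMAIL_RE.findall(remainder)}
    ip_candidates = set(_IPV4_RE.findall(remainder)) | {h for h in hosts if _IPV4_RE.fullmatch(h)}
    ipv4 = {ip for ip in ip_candidates if _valid_ipv4(ip)}
    domains = {d.lower() for d in _DOMAIN_RE.findall(remainder)} | (hosts - ip_candidates)
    return {
        "urls": sorted(urls),
        "ipv4": sorted(ipv4),
        "domains": sorted(domains),
        "emails": sorted(emails),
    }


def defanged_iocs(text: str) -> dict:
    """Subset of extract_iocs(text) that never appeared verbatim in the original text,
    i.e. indicators the author deliberately defanged."""
    found = extract_iocs(text)
    return {kind: [v for v in values if v not in text] for kind, values in found.items()}


if __name__ == "__main__":
    import json
    print(json.dumps({"all": extract_iocs(SAMPLE_TEXT), "defanged": defanged_iocs(SAMPLE_TEXT)}, indent=2))
```

Run the file directly to see both result sets for the constructed sample: the benign https://www.example.org reference is extracted but is absent from the "defanged" set, while the C2 URL, the IP, the phishing domain and the sender address all appear there. The domain regex is deliberately run only on the text left after URLs are removed, otherwise file names inside URL paths (gate.php, report.pdf) would be reported as domains; a production extractor would add IPv6, hashes, and a public-suffix check on top of this.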