144 Open source projects that are alternatives of or similar to Artifacts

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Documentation of TheHive

Carve file metadata from NTFS index ($I30) attributes

Educational, CTF-styled labs for individuals interested in Memory Forensics

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

A curated list of awesome forensic analysis tools and resources

Everything related to Linux Forensics

Digital Forensics Investigation Platform

Python API Client for TheHive

DFIRTrack - The Incident Response Tracking Application

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

CIRCL system forensic tools or a jumble of tools to support forensic

Cortex Analyzers Repository

Cortex: a Powerful Observable Analysis and Active Response Engine

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

Bash script to Check for malicious Cryptomining

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

Web browser forensics for Google Chrome/Chromium

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Truehunter

Incident Response Scripts

A tool for forensic file system reconstruction.

incident response scripts

Recon Hunt Queries

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A list of cyber-chef recipes and curated links

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

macOS Artifact Parsing Tool

A sort of a toolkit to decrypt Dropbox Windows DBX files

Digging Deeper....

Automation and Scaling of Digital Forensics Tools

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

A script to assist in processing forensic RAM captures for malware triage

Incident Response - Fast suspicious file finder

Defanged Indicator of Compromise (IOC) Extractor.

Cyber-investigation Analysis Standard Expression (CASE) Ontology

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Log what files are accessed by any Linux process

The Python implementation of the AFF4 standard.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Dumps all of the Key/Value pairs from a LevelDB database

A list of free and open forensics analysis tools and other resources

Extract and aggregate threat intelligence.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

Validates yara rules and tries to repair the broken ones.

System Management RAM analysis tool

Python tool and library to help analyze files during malware triage and analysis.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

A curated list of tools for incident response

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

DDTTX Tabletop Trainings

Yara Based Detection Engine for web browsers

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)