Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+1188.89%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+990.74%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+3224.07%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (+250%)
Turbinia: Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+753.7%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+225.93%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+475.93%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+718.52%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and the screen output buffer
Stars: ✭ 41 (-24.07%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+314.81%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+1581.48%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-7.41%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (+22.22%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+555.56%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+366.67%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+309.26%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+192.59%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-40.74%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+927.78%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-70.37%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-25.93%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+87.04%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-29.63%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-59.26%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-22.22%)
ir scripts: Incident response scripts
Stars: ✭ 17 (-68.52%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool based on OSS tools and libraries
Stars: ✭ 122 (+125.93%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+509.26%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-16.67%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+418.52%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+255.56%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
Stars: ✭ 260 (+381.48%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-57.41%)
Pig: A Linux packet crafting tool.
Stars: ✭ 384 (+611.11%)
Cortex4py: Python API Client for Cortex
Stars: ✭ 22 (-59.26%)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+7640.74%)
Lookyloo: Lookyloo is a web interface that allows users to capture a website page and then display a tree of the domains that call each other.
Stars: ✭ 381 (+605.56%)
Firefed: 🕵️ A tool for Firefox profile analysis, data extraction, forensics and hardening
Stars: ✭ 37 (-31.48%)
Usbrip: Tracking history of USB events on GNU/Linux
Stars: ✭ 903 (+1572.22%)
Infosec reference: An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for the non-MS Git hosted version.
Stars: ✭ 4,162 (+7607.41%)
Threathunting: A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+1266.67%)
Sift: SIFT
Stars: ✭ 355 (+557.41%)
Historicprocesstree: An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688, the Process Creation event) in a tree view.
Stars: ✭ 46 (-14.81%)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+1707.41%)
Thehivedocs: Documentation of TheHive
Stars: ✭ 353 (+553.7%)
Docker Explorer: A tool to help forensicate offline Docker acquisitions
Stars: ✭ 328 (+507.41%)
Malconfscan: Volatility plugin that extracts configuration data of known malware
Stars: ✭ 327 (+505.56%)
Forensic Tools: CIRCL system forensic tools, or a jumble of tools to support forensics
Stars: ✭ 27 (-50%)
Cortex: Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+1151.85%)
Hackdroid: Android Apps, ROMs and Platforms for Pentesting
Stars: ✭ 310 (+474.07%)
Cyberchef Recipes: A list of CyberChef recipes and curated links
Stars: ✭ 619 (+1046.3%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+8346.3%)
Scripting: PS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-12.96%)
Mftecmd: Parses $MFT from NTFS file systems
Stars: ✭ 45 (-16.67%)
Pcapfs: A FUSE module to mount captured network data
Stars: ✭ 17 (-68.52%)