235 Open source projects that are alternatives of or similar to Autotimeliner

Educational, CTF-styled labs for individuals interested in Memory Forensics

Web browser forensics for Google Chrome/Chromium

Collaborative forensic timeline analysis

Everything related to Linux Forensics

Automation and Scaling of Digital Forensics Tools

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

An Incident Response tool to extract console command history and screen output buffer

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

System Management RAM analysis tool

Event Trace Log file parser in pure Python

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Timeline of Active Directory changes with replication metadata

Query and report user logons relations from MS Windows Security Events

PowerShell module for Office 365 and Azure log collection

Invoke-LiveResponse

Carve file metadata from NTFS index ($I30) attributes

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Live system forensic collector

Minimalistic DNS logging tool

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Trace ScriptBlock execution for powershell v2

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Provides various Windows Server Active Directory (AD) security-focused reports.

incident response scripts

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Python 3 Script to parse out iTunes backups

macOS Artifact Parsing Tool

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

A tool for forensic file system reconstruction.

Python script to decode common encoded PowerShell scripts

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Dumps all of the Key/Value pairs from a LevelDB database

Truehunter

A Linux packet crafting tool.

Python API Client for Cortex

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

🕵️ A tool for Firefox profile analysis, data extraction, forensics and hardening

Tracking history of USB events on GNU/Linux

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

SIFT

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Documentation of TheHive

A tool to help forensicate offline docker acquisitions

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Volatility plugin for extracts configuration data of known malware

CIRCL system forensic tools or a jumble of tools to support forensic

Cortex: a Powerful Observable Analysis and Active Response Engine

Android Apps, Roms and Platforms for Pentesting

A list of cyber-chef recipes and curated links

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

PS / Bash / Python / Other scripts For FUN!

Parses $MFT from NTFS file systems

A FUSE module to mount captured network data