235 Open source projects that are alternatives of or similar to Diffy

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Everything related to Linux Forensics

Invoke-LiveResponse

Educational, CTF-styled labs for individuals interested in Memory Forensics

Truehunter

An Incident Response tool to extract console command history and screen output buffer

Python 3 Script to parse out iTunes backups

Web browser forensics for Google Chrome/Chromium

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

macOS Artifact Parsing Tool

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Carve file metadata from NTFS index ($I30) attributes

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Timeline of Active Directory changes with replication metadata

PowerShell module for Office 365 and Azure log collection

Provides various Windows Server Active Directory (AD) security-focused reports.

Event Trace Log file parser in pure Python

Collaborative forensic timeline analysis

A tool for forensic file system reconstruction.

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Trace ScriptBlock execution for powershell v2

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

incident response scripts

Dumps all of the Key/Value pairs from a LevelDB database

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Automagically extract forensic timeline from volatile memory dump

Query and report user logons relations from MS Windows Security Events

Live system forensic collector

Minimalistic DNS logging tool

Python script to decode common encoded PowerShell scripts

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

System Management RAM analysis tool

Automation and Scaling of Digital Forensics Tools

Yara Based Detection Engine for web browsers

Wipe files and drives securely with randoms ASCII dicks

Extract BITS jobs from QMGR queue and store them as CSV records

A Linux packet crafting tool.

Volatility plugin for extracts configuration data of known malware

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Yara rules written by me, for free use.

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Recon Hunt Queries

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

RAIR: RAdare In Rust

Android Apps, Roms and Platforms for Pentesting

Enhanced version of dd for forensics and security

Illuminant inconsistencies for image splicing detection in forensics

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Bash script to Check for malicious Cryptomining

Jenkins plug-in that mines and analyzes data from a Git repository

Defanged Indicator of Compromise (IOC) Extractor.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.