Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (-43.96%)
Linuxforensics: Everything related to Linux forensics
Stars: ✭ 189 (-65.95%)
Memlabs: Educational, CTF-styled labs for individuals interested in memory forensics
Stars: ✭ 696 (+25.41%)
GetConsoleHistoryAndOutput: An incident response tool to extract console command history and the screen output buffer
Stars: ✭ 41 (-92.61%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+6.13%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-81.8%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool built on open-source tools and libraries
Stars: ✭ 122 (-78.02%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (-40.72%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (-20.36%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-94.23%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-91.89%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (-54.59%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (-71.53%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-92.43%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (-88.11%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+223.42%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (-49.55%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-68.29%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
Stars: ✭ 224 (-59.64%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+63.6%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-93.15%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-96.04%)
ir scripts: incident response scripts
Stars: ✭ 17 (-96.94%)
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database
Stars: ✭ 23 (-95.86%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (-36.22%)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (-90.27%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (-60.18%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-97.12%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-92.79%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-65.41%)
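The kind of decoding a tool like Pypowershellxray performs, as an added example (this is not Pypowershellxray's code, and the command lines below are constructed, not taken from a real incident): PowerShell's -EncodedCommand argument is base64 of the script's UTF-16LE bytes, powershell.exe accepts any unambiguous prefix of the flag (-e, -ec, -enc, ...), and a decoded stage frequently carries a further [Convert]::FromBase64String('...') layer that is gzip- or DEFLATE-compressed. The loader pattern produced by build_gzip_stager is an assumed, constructed shape for demonstration.

```python
import base64
import gzip
import re
import zlib

# Constructed sample command lines (not from any real incident). "whoami" in
# UTF-16LE, base64-encoded, is dwBoAG8AYQBtAGkA; -EncodedCommand expects exactly
# that encoding, which is why naive base64 decoding yields NUL-interleaved text.
SAMPLE_CMDLINES = [
    "powershell.exe -NoP -W Hidden -ExecutionPolicy Unrestricted -enc dwBoAG8AYQBtAGkA",
    'pwsh -e "dwBoAG8AYQBtAGkA"',
    "powershell.exe -ExecutionPolicy Bypass -File C:\\tmp\\x.ps1",  # nothing encoded
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_FLAG_RE = re.compile(r"-(e[a-z]*)\s+[\"']?([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Inner stages are commonly smuggled as [Convert]::FromBase64String('...').
_INNER_B64_RE = re.compile(r"FromBase64String\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)", re.IGNORECASE)


def encode_command(script: str) -> str:
    """Produce the argument PowerShell expects after -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(blob: str) -> str:
    """Reverse encode_command. Raises ValueError/UnicodeDecodeError on non-payloads."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) % 2:
        raise ValueError("odd byte length: not UTF-16LE")
    return raw.decode("utf-16-le")


def decode_inner(blob: str) -> str:
    """Decode a FromBase64String payload: gzip, raw DEFLATE, or plain text."""
    raw = base64.b64decode(blob, validate=True)
    for unpack in (gzip.decompress, lambda b: zlib.decompress(b, -15)):
        try:
            return unpack(raw).decode("utf-8")
        except (OSError, EOFError, zlib.error, UnicodeDecodeError):
            pass
    # Plain text; NUL padding in the first bytes indicates UTF-16LE rather than ASCII.
    if len(raw) % 2 == 0 and b"\x00" in raw[:64]:
        return raw.decode("utf-16-le")
    return raw.decode("utf-8")


def peel_layers(blob: str, max_depth: int = 5) -> list[str]:
    """Decode an -EncodedCommand payload and keep unwrapping embedded base64 stages."""
    layers = [decode_encoded_command(blob)]
    while len(layers) < max_depth:
        m = _INNER_B64_RE.search(layers[-1])
        if not m:
            break
        try:
            layers.append(decode_inner(m.group(1)))
        except (ValueError, UnicodeDecodeError):
            break
    return layers


def extract_encoded_commands(cmdline: str) -> list[list[str]]:
    """For every -EncodedCommand style flag in cmdline, return its decoded layers."""
    found = []
    for flag, blob in _FLAG_RE.findall(cmdline):
        # -ExecutionPolicy also starts with -e; keep only prefixes of EncodedCommand.
        if not "encodedcommand".startswith(flag.lower()):
            continue
        try:
            found.append(peel_layers(blob))
        except (ValueError, UnicodeDecodeError):
            continue  # flag-shaped token whose argument is not a valid payload
    return found


def build_gzip_stager(inner_script: str) -> str:
    """Constructed outer script mimicking a common gzip+base64 loader (demonstration only)."""
    packed = base64.b64encode(gzip.compress(inner_script.encode("utf-8"))).decode("ascii")
    return ("IEX (New-Object IO.StreamReader((New-Object IO.Compression.GzipStream("
            f"[IO.MemoryStream][Convert]::FromBase64String('{packed}'),"
            "[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::UTF8)).ReadToEnd()")


if __name__ == "__main__":
    staged = "powershell -nop -enc " + encode_command(build_gzip_stager("Write-Host 'stage2'"))
    for line in SAMPLE_CMDLINES + [staged]:
        for layers in extract_encoded_commands(line):
            for depth, script in enumerate(layers):
                print(f"layer {depth}: {script[:80]}")
```

The flag check is what keeps -ExecutionPolicy Unrestricted from being mistaken for an encoded payload; any token that survives the check but fails base64 or UTF-16LE decoding is skipped rather than reported as a decoded script.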
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (-53.15%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-90.99%)
Turbinia: Automation and scaling of digital forensics tools
Stars: ✭ 461 (-16.94%)
Yobi: YARA-based detection engine for web browsers
Stars: ✭ 39 (-92.97%)
wipedicks: Wipe files and drives securely with random ASCII dicks
Stars: ✭ 94 (-83.06%)
bits parser: Extract BITS jobs from the QMGR queue and store them as CSV records
Stars: ✭ 64 (-88.47%)
Pig: A Linux packet crafting tool.
Stars: ✭ 384 (-30.81%)
Malconfscan: Volatility plugin that extracts configuration data of known malware
Stars: ✭ 327 (-41.08%)
VanillaWindowsReference: A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version, to compare and see what's been added with each update.
Stars: ✭ 24 (-95.68%)
yara-rules: YARA rules written by me, for free use.
Stars: ✭ 13 (-97.66%)
WiFi-Project: Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-96.04%)
Awesome Forensics: Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.
Stars: ✭ 446 (-19.64%)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+653.15%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-88.11%)
Opensource-Endpoint-Monitoring: This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
Stars: ✭ 30 (-94.59%)
rair-core: RAIR: RAdare In Rust
Stars: ✭ 63 (-88.65%)
Hackdroid: Android apps, ROMs and platforms for pentesting
Stars: ✭ 310 (-44.14%)
dcfldd: Enhanced version of dd for forensics and security
Stars: ✭ 27 (-95.14%)
ImageSplicingDetection: Illuminant inconsistencies for image splicing detection in forensics
Stars: ✭ 36 (-93.51%)
Lookyloo: Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Stars: ✭ 381 (-31.35%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+721.8%)
minerchk: Bash script to check for malicious cryptomining
Stars: ✭ 36 (-93.51%)
git-forensics-plugin: Jenkins plug-in that mines and analyzes data from a Git repository
Stars: ✭ 19 (-96.58%)
Python Iocextract: Defanged Indicator of Compromise (IOC) extractor.
Stars: ✭ 300 (-45.95%)
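What "defanged IOC extraction" means in practice, as an added example (this is not Python Iocextract's code, and the report text below is constructed, not a real threat intel excerpt): indicators in write-ups are deliberately broken with hxxp://, [.], (dot), [at] and similar so they cannot be clicked, so extraction first refangs the text and only then matches URLs, IPv4 addresses, emails and domains. Bare domains are matched only in the text left over after URLs and emails are blanked out, so path components like update.php are not reported as domains. The set of defanging conventions handled is my assumption, not an exhaustive list.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample report text (not from any real incident) mixing the
# defanging conventions commonly seen in threat intel write-ups.
SAMPLE_TEXT = """
The stager beacons to hxxps://evil-cdn[.]example[.]com/update.php and to
hxxp://198[.]51[.]100[.]23:8443/gate, then mails results to ops(at)evil-cdn(dot)example(dot)com.
Fallback C2: 203.0.113[.]5 and fxp://files{.}example{.}net/ ; ignore 1.2.3 (not an IP).
"""

# Refang rules, applied in order: punctuation first, then scheme names.
_REFANG_RULES = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)|\\\.", re.I), "."),
    (re.compile(r"\[:\]|\(:\)"), ":"),
    (re.compile(r"\[@\]|\(@\)|\[at\]|\(at\)", re.I), "@"),
    (re.compile(r"\bhxxp(s?)://", re.I), r"http\1://"),
    (re.compile(r"\bfxp://", re.I), "ftp://"),
]

_URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>()\[\];,]+", re.I)
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_EMAIL_RE = re.compile(r"[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,63}", re.I)
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)


def refang(text: str) -> str:
    """Undo common defanging so the indicators can be matched with ordinary regexes."""
    for pattern, repl in _REFANG_RULES:
        text = pattern.sub(repl, text)
    return text


def _is_ipv4(s: str) -> bool:
    # The regex allows octets like 999; ipaddress rejects them.
    try:
        return ipaddress.ip_address(s).version == 4
    except ValueError:
        return False


def extract_iocs(text: str) -> dict[str, list[str]]:
    """Return sorted, de-duplicated URLs, IPv4 addresses, domains and emails found in text."""
    clean = refang(text)
    urls = {u.rstrip(".") for u in _URL_RE.findall(clean)}
    ipv4 = {ip for ip in _IPV4_RE.findall(clean) if _is_ipv4(ip)}
    emails = set(_EMAIL_RE.findall(clean))

    domains = set()
    for url in urls:
        host = urlparse(url).hostname
        if host and not _is_ipv4(host):
            domains.add(host.lower())
    domains.update(e.split("@", 1)[1].lower() for e in emails)
    # Bare domains: only look at text outside URLs and emails, so file names in
    # URL paths (update.php) are not reported as domains.
    residue = _EMAIL_RE.sub(" ", _URL_RE.sub(" ", clean))
    domains.update(d.lower() for d in _DOMAIN_RE.findall(residue))

    return {
        "urls": sorted(urls),
        "ipv4": sorted(ipv4),
        "domains": sorted(domains),
        "emails": sorted(emails),
    }


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_TEXT).items():
        print(kind, values)
```

The refang step is deliberately narrow: whitespace forms such as "example dot com" are left alone because the same words occur in ordinary prose, and anything the refanged regexes then miss stays unreported rather than being guessed.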
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service (https://circl.lu/services/hashlookup/)
Stars: ✭ 43 (-92.25%)
factual-rules-generator: Factual-rules-generator is an open source project that aims to generate YARA rules about software installed on a machine.
Stars: ✭ 62 (-88.83%)