WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1005%)
INDXRipper - Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-20%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+460%)
Turbinia - Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+1052.5%)
Ir Rescue - A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+677.5%)
ad-privileged-audit - Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+5%)
Adtimeline - Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+530%)
Diffy - Diffy is a triage tool used during cloud-centric security incidents to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+1287.5%)
Pypowershellxray - Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+380%)
GetConsoleHistoryAndOutput - An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (+2.5%)
MEAT - This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+152.5%)
ir scripts - Incident response scripts
Stars: ✭ 17 (-57.5%)
RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+340%)
Packrat - Live system forensic collector
Stars: ✭ 16 (-60%)
Recuperabit - A tool for forensic file system reconstruction.
Stars: ✭ 280 (+600%)
uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (+550%)
Swap digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication credentials, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+785%)
Userline - Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+452.5%)
PSTrace - Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-5%)
EventTranscriptParser - Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-45%)
Linuxforensics - Everything related to Linux Forensics
Stars: ✭ 189 (+372.5%)
smram parse - System Management RAM analysis tool
Stars: ✭ 50 (+25%)
Hindsight - Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+1372.5%)
Memlabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+1640%)
hayabusa - Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+2170%)
LevelDBDumper - Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-42.5%)
Autotimeliner - Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (+35%)
CCXDigger - The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free.
Stars: ✭ 45 (+12.5%)
DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+295%)
CDIR - CDIR (Cyber Defense Institute Incident Response) Collector: live collection tool based on OSS tools and libraries
Stars: ✭ 122 (+205%)
Mac apt - macOS Artifact Parsing Tool
Stars: ✭ 329 (+722.5%)
Etl Parser - Event Trace Log file parser in pure Python
Stars: ✭ 66 (+65%)
Timesketch - Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+4387.5%)
anvil - Tools for distributing SSL certificates
Stars: ✭ 29 (-27.5%)
Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+65%)
sandfly-setup - Sandfly Security Agentless Compromise and Intrusion Detection System for Linux
Stars: ✭ 45 (+12.5%)
urlRecon - 📝 Info gathering or recon tool for URLs. Retrieves Whois information of the domain, DNS details of the domain, server fingerprint and IP geolocation of the server
Stars: ✭ 31 (-22.5%)
pyarascanner - A simple many-rules-to-many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-42.5%)
DFIR Resources REvil Kaseya - Resources for DFIR professionals responding to the REvil ransomware Kaseya supply chain attack
Stars: ✭ 172 (+330%)
TryHackMe-Write-Up - The entire walkthrough of all my resolved TryHackMe rooms
Stars: ✭ 53 (+32.5%)
Blue-Team-Notes - You didn't think I'd go and leave the blue team out, right?
Stars: ✭ 899 (+2147.5%)
EventTranscript.db-Research - A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (-17.5%)
BlockHashLoc - Recover files using lists of block hashes, bypassing the file system entirely
Stars: ✭ 45 (+12.5%)
demuxusb - A program and toolset to analyze iDevice USB sessions
Stars: ✭ 25 (-37.5%)
prowler - Prowler is an open source security tool for AWS, Azure and GCP to perform cloud security best-practice assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+20015%)
Invtero.net - inVtero.net: A high-speed (Gbps) forensics, memory integrity and assurance tool. Includes offensive and defensive memory capabilities. Find and extract processes and hypervisors (including nested) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques
Stars: ✭ 237 (+492.5%)
BlueCloud - Cyber range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
Stars: ✭ 88 (+120%)
Radare2 - UNIX-like reverse engineering framework and command-line toolset
Stars: ✭ 15,412 (+38430%)
BURN - [WIP] Anti-forensics toolkit to clear sensitive post-intrusion log files 🔥 (For Research Only)
Stars: ✭ 13 (-67.5%)
RemoteNET - Examine, create and interact with remote objects in other .NET processes.
Stars: ✭ 29 (-27.5%)
zeek-docs - Documentation for Zeek
Stars: ✭ 41 (+2.5%)
Forensic Tools - A collection of tools for forensic analysis
Stars: ✭ 204 (+410%)