235 Open source projects that are alternatives of or similar to Etl Parser

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

macOS Artifact Parsing Tool

Query and report user logons relations from MS Windows Security Events

Everything related to Linux Forensics

A tool for forensic file system reconstruction.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Invoke-LiveResponse

Collaborative forensic timeline analysis

Minimalistic DNS logging tool

Python 3 Script to parse out iTunes backups

Provides various Windows Server Active Directory (AD) security-focused reports.

Truehunter

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

An Incident Response tool to extract console command history and screen output buffer

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

incident response scripts

Python script to decode common encoded PowerShell scripts

Timeline of Active Directory changes with replication metadata

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Carve file metadata from NTFS index ($I30) attributes

Educational, CTF-styled labs for individuals interested in Memory Forensics

#ThreatHunting #DFIR #Malware #Detection Mind Maps

System Management RAM analysis tool

Dumps all of the Key/Value pairs from a LevelDB database

Trace ScriptBlock execution for powershell v2

Web browser forensics for Google Chrome/Chromium

Live system forensic collector

Automation and Scaling of Digital Forensics Tools

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

PowerShell module for Office 365 and Azure log collection

Automagically extract forensic timeline from volatile memory dump

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

A single file container/archive that can be reconstructed even after total loss of file system structures

Super timeline all the things

CIRCL system forensic tools or a jumble of tools to support forensic

Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics.

Extract and aggregate threat intelligence.

A FUSE module to mount captured network data

A curated list of tools for incident response

OSINT Swiss Army Knife

Smart OSINT collection of common IOC types

PS / Bash / Python / Other scripts For FUN!

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

A Linux packet crafting tool.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

tamper resistant audit log

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Your Everyday Threat Intelligence

Powerful checksum generator!

SIFT

Alcide Kubernetes Audit Log Analyzer - Alcide kAudit

Documentation of TheHive

An OSINT Metadata analyzing tool that filters through tags and creates reports