Memlabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+2477.78%)
Cortex - Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+2403.7%)
MemProcFS-Analyzer - MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+229.63%)
Thehivedocs - Documentation of TheHive
Stars: ✭ 353 (+1207.41%)
Kuiper - Digital Forensics Investigation Platform
Stars: ✭ 257 (+851.85%)
catalyst - Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+237.04%)
Linuxforensics - Everything related to Linux Forensics
Stars: ✭ 189 (+600%)
Thehive4py - Python API Client for TheHive
Stars: ✭ 143 (+429.63%)
Awesome Forensics - A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+6474.07%)
Dfirtrack - DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+759.26%)
artifactcollector - 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+418.52%)
Thehive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+8418.52%)
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+3514.81%)
INDXRipper - Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+18.52%)
Artifacts - 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Stars: ✭ 21 (-22.22%)
rhq - Recon Hunt Queries
Stars: ✭ 66 (+144.44%)
Swap digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+1211.11%)
minerchk - Bash script to check for malicious cryptomining
Stars: ✭ 36 (+33.33%)
factual-rules-generator - Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (+129.63%)
Cyberchef Recipes - A list of CyberChef recipes and curated links
Stars: ✭ 619 (+2192.59%)
Mac apt - macOS Artifact Parsing Tool
Stars: ✭ 329 (+1118.52%)
decwindbx - A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-18.52%)
fastfinder - Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+329.63%)
Python Iocextract - Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+1011.11%)
CASE - Cyber-investigation Analysis Standard Expression (CASE) Ontology
Stars: ✭ 46 (+70.37%)
yara-rules - Yara rules written by me, for free use.
Stars: ✭ 13 (-51.85%)
Lookyloo - Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Stars: ✭ 381 (+1311.11%)
Opensource-Endpoint-Monitoring - This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
Stars: ✭ 30 (+11.11%)
ir scripts - incident response scripts
Stars: ✭ 17 (-37.04%)
hashlookup-forensic-analyser - Analyse a forensic target (such as a directory) to find and report files found and not found from the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Stars: ✭ 43 (+59.26%)
DFIRRegex - A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (+22.22%)
Diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+1955.56%)
Security Onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+10848.15%)
calamity - A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-11.11%)
WindowsDFIR - Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.
Stars: ✭ 51 (+88.89%)
Threathunting - A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Stars: ✭ 738 (+2633.33%)
Ir Rescue - A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+1051.85%)
IRScripts - Incident Response Scripts
Stars: ✭ 29 (+7.41%)
Hindsight - Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+2081.48%)
Recuperabit - A tool for forensic file system reconstruction.
Stars: ✭ 280 (+937.04%)
Cortex4py - Python API Client for Cortex
Stars: ✭ 22 (-18.52%)
Detectionlabelk - DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (+911.11%)
pyaff4 - The Python implementation of the AFF4 standard.
Stars: ✭ 37 (+37.04%)
LevelDBDumper - Dumps all of the key/value pairs from a LevelDB database
Stars: ✭ 23 (-14.81%)
Turbinia - Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+1607.41%)
Lolbas - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+14011.11%)
ForensicsTools - A list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (+1351.85%)
Get-NetworkConnection - Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (+25.93%)
Attackdatamap - A data source assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (+877.78%)
yara-validator - Validates YARA rules and tries to repair the broken ones.
Stars: ✭ 37 (+37.04%)
Threatingestor - Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1525.93%)
smram parse - System Management RAM analysis tool
Stars: ✭ 50 (+85.19%)
pftriage - Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+185.19%)
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1537.04%)
Threatpinchlookup - Documentation and Sharing Repository for the ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+851.85%)
DDTTX - DDTTX Tabletop Trainings
Stars: ✭ 22 (-18.52%)
EventTranscriptParser - Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-18.52%)