144 Open source projects that are alternatives of or similar to Forensic Tools

Educational, CTF-styled labs for individuals interested in Memory Forensics

Cortex: a Powerful Observable Analysis and Active Response Engine

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Documentation of TheHive

Digital Forensics Investigation Platform

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Everything related to Linux Forensics

Python API Client for TheHive

A curated list of awesome forensic analysis tools and resources

DFIRTrack - The Incident Response Tracking Application

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

Cortex Analyzers Repository

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Carve file metadata from NTFS index ($I30) attributes

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Recon Hunt Queries

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Bash script to Check for malicious Cryptomining

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

A list of cyber-chef recipes and curated links

macOS Artifact Parsing Tool

A sort of a toolkit to decrypt Dropbox Windows DBX files

Incident Response - Fast suspicious file finder

Defanged Indicator of Compromise (IOC) Extractor.

Cyber-investigation Analysis Standard Expression (CASE) Ontology

Yara rules written by me, for free use.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

incident response scripts

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

A script to assist in processing forensic RAM captures for malware triage

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Truehunter

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Incident Response Scripts

Web browser forensics for Google Chrome/Chromium

A tool for forensic file system reconstruction.

Python API Client for Cortex

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

The Python implementation of the AFF4 standard.

Dumps all of the Key/Value pairs from a LevelDB database

Automation and Scaling of Digital Forensics Tools

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A list of free and open forensics analysis tools and other resources

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Validates yara rules and tries to repair the broken ones.

Digging Deeper....

Extract and aggregate threat intelligence.

System Management RAM analysis tool

Python tool and library to help analyze files during malware triage and analysis.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

DDTTX Tabletop Trainings

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)