144 Open source projects that are alternatives of or similar to Forensic Tools

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Imago is a python tool that extract digital evidences from images.

A Splunk Technology Add-on to forward filtered ETW events.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Digging Deeper....

Extract and aggregate threat intelligence.

Python tool and library to help analyze files during malware triage and analysis.

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

SQLite queries

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

You didn't think I'd go and leave the blue team out, right?

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Truehunter

An Incident Response tool to extract console command history and screen output buffer

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Incident Response Scripts

Deploy and maintain Symon through the Splunk Deployment Sever

Web browser forensics for Google Chrome/Chromium

Telegram cache4.db parser

incident response scripts

A tool for forensic file system reconstruction.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

DDTTX Tabletop Trainings

Investigate malicious Windows logon by visualizing and analyzing Windows event log

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Query and report user logons relations from MS Windows Security Events

Dumps all of the Key/Value pairs from a LevelDB database

Misc Threat Hunting Resources

Automation and Scaling of Digital Forensics Tools

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

Collaborative forensic timeline analysis

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Warning lists to inform users of MISP about potential false-positives or other information in indicators

System Management RAM analysis tool

Yara Based Detection Engine for web browsers

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

Indicator Extractor

Loki - Simple IOC and Incident Response Scanner

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

All-in-one bundle of MISP, TheHive and Cortex

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Tools for the Computer Incident Response Team 💻

A curated list of tools for incident response

Invoke-LiveResponse

documentation, scripts, tools related to Zena Forensics (http://blog.digital-forensics.it)

Virustotal Data to Timesketch

Parses Windows event logs files based on SANS Poster

Log what files are accessed by any Linux process

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.