Awesome Forensics - A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+4027.91%)
dcfldd - Enhanced version of dd for forensics and security
Stars: ✭ 27 (-37.21%)
BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
Stars: ✭ 88 (+104.65%)
Detectionlab - Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+7427.91%)
ForensicsTools - A list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (+811.63%)
Packrat - Live system forensic collector
Stars: ✭ 16 (-62.79%)
Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (+53.49%)
pyaff4 - The Python implementation of the AFF4 standard.
Stars: ✭ 37 (-13.95%)
pdfresurrect - Analyze and help extract older "hidden" versions of a PDF from the current PDF.
Stars: ✭ 40 (-6.98%)
bloomclj - A Bloom Filter implementation in Clojure
Stars: ✭ 20 (-53.49%)
calamity - A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-44.19%)
PSTrace - Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-11.63%)
fastfinder - Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+169.77%)
ad-privileged-audit - Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-2.33%)
ganon - ganon classifies short DNA sequences against large sets of genomic sequences efficiently, with download and update of references (RefSeq/GenBank), taxonomic (NCBI/GTDB) and hierarchical classification, customized reporting and more
Stars: ✭ 57 (+32.56%)
uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (+504.65%)
ntHash - Fast hash function for DNA sequences
Stars: ✭ 66 (+53.49%)
ir scripts - Incident response scripts
Stars: ✭ 17 (-60.47%)
xorf - Xor filters - efficient probabilistic hashsets. Faster and smaller than Bloom and cuckoo filters.
Stars: ✭ 64 (+48.84%)
btrfscue - Recover files from damaged BTRFS filesystems
Stars: ✭ 28 (-34.88%)
CDIR - CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on open source tools/libraries
Stars: ✭ 122 (+183.72%)
smram parse - System Management RAM analysis tool
Stars: ✭ 50 (+16.28%)
AUCR - Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (-44.19%)
MemProcFS-Analyzer - MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+106.98%)
bloomfilter - Simplistic (but fast) Java implementation of a Bloom filter.
Stars: ✭ 35 (-18.6%)
Evilize - Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (-44.19%)
catalyst - Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+111.63%)
DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+267.44%)
decwindbx - A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-48.84%)
Docker-Templates - Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+65.12%)
LevelDBDumper - Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-46.51%)
IRScripts - Incident Response Scripts
Stars: ✭ 29 (-32.56%)
bloomfilter - Bloom filters for Java
Stars: ✭ 53 (+23.26%)
ingest-file - Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.
Stars: ✭ 40 (-6.98%)
Get-NetworkConnection - Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (-20.93%)
vminspect - Tools for inspecting disk images
Stars: ✭ 25 (-41.86%)
lsrootkit - Rootkit Detector for UNIX
Stars: ✭ 53 (+23.26%)
yara-validator - Validates YARA rules and tries to repair the broken ones.
Stars: ✭ 37 (-13.95%)
PharoPDS - Probabilistic data structures in Pharo Smalltalk.
Stars: ✭ 28 (-34.88%)
artifactcollector - 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+225.58%)
bloom filter - Bloom filter implementation in Crystal lang
Stars: ✭ 33 (-23.26%)
leaked-password - Leaked password check library with Bloom filter
Stars: ✭ 41 (-4.65%)
guava-probably - Probabilistic data structures for Guava.
Stars: ✭ 51 (+18.6%)
Splunk-ETW - A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (-39.53%)
json-bloomfilter - 🗜 A Bloom filter implementation in Ruby and JavaScript that is serialisable to JSON and compatible between both languages.
Stars: ✭ 15 (-65.12%)
bloom - An in-memory Bloom filter with persistence and HTTP interface
Stars: ✭ 31 (-27.91%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+420.93%)
dnslog - Minimalistic DNS logging tool
Stars: ✭ 40 (-6.98%)
pftriage - Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+79.07%)
INDXRipper - Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-25.58%)
hackernews-button - Privacy-preserving Firefox extension linking to Hacker News discussion; built with Bloom filters and WebAssembly
Stars: ✭ 73 (+69.77%)
DFIRRegex - A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (-23.26%)
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+927.91%)
libfilter - High-speed Bloom filters and taffy filters for C, C++, and Java
Stars: ✭ 23 (-46.51%)