1372 Open source projects that are alternatives of or similar to Ir Rescue

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

VirusTotal Wanna Be - Now with 100% more Hipster

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Carve file metadata from NTFS index ($I30) attributes

A list of cyber-chef recipes and curated links

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

ThePhish: an automated phishing email analysis tool

A curated list of tools for incident response

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

incident response scripts

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Provides various Windows Server Active Directory (AD) security-focused reports.

Who and what to follow in the world of cyber security

Trace ScriptBlock execution for powershell v2

Invoke-LiveResponse

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Educational, CTF-styled labs for individuals interested in Memory Forensics

Python script to decode common encoded PowerShell scripts

Live system forensic collector

Hashes of infamous malware

A curated list of awesome resources related to executable packing

📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server

An Incident Response tool to extract console command history and screen output buffer

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A Python RESTful API framework for online malware analysis and threat intelligence services.

No description or website provided.

Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

A tool for forensic file system reconstruction.

Batch Antivirus, a powerful antivirus suite written in batch with real-time protection and heuristical scanning.

Malware Sample Sources

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Docker configurations for TheHive, Cortex and 3rd party tools

Minimalistic DNS logging tool

You didn't think I'd go and leave the blue team out, right?

Powerful batch script to dismantle complete windows defender protection and even bypass tamper protection ..Disable Windows-Defender Permanently....Hack windows. POC

Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"

PowerShell module for Office 365 and Azure log collection

Python 3 Script to parse out iTunes backups

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

No description or website provided.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

System Management RAM analysis tool

A Lambda-powered Security Orchestration framework for AWS GuardDuty

Cyber Incident Response Team Playbook Battle Cards

A concise, directive, specific, flexible, and free incident response plan template

Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Dumps all of the Key/Value pairs from a LevelDB database

Malware similarity platform with modularity in mind.

Incident Response - Fast suspicious file finder

Malware Machine Learning

Rootkit Detector for UNIX

Recon Hunt Queries

Digital Forensics Investigation Platform

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.