247 Open source projects that are alternatives of or similar to Linuxforensics

Carve file metadata from NTFS index ($I30) attributes

Educational, CTF-styled labs for individuals interested in Memory Forensics

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

System Management RAM analysis tool

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Provides various Windows Server Active Directory (AD) security-focused reports.

PowerShell module for Office 365 and Azure log collection

Awesome list of digital forensic tools

macOS Artifact Parsing Tool

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

DFIRTrack - The Incident Response Tracking Application

Cortex Analyzers Repository

An AFF4 C++ implementation.

Live system forensic collector

TCP/IP packet demultiplexer. Download from:

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Minimalistic DNS logging tool

Invoke-LiveResponse

incident response scripts

Automagically extract forensic timeline from volatile memory dump

Digital Forensics Investigation Platform

Cortex: a Powerful Observable Analysis and Active Response Engine

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Query and report user logons relations from MS Windows Security Events

Python script to decode common encoded PowerShell scripts

Timeline of Active Directory changes with replication metadata

A collection of tools for forensic analysis

An Incident Response tool to extract console command history and screen output buffer

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Collaborative forensic timeline analysis

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Python 3 Script to parse out iTunes backups

#ThreatHunting #DFIR #Malware #Detection Mind Maps

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Trace ScriptBlock execution for powershell v2

Event Trace Log file parser in pure Python

CIRCL system forensic tools or a jumble of tools to support forensic

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

Truehunter

The Python implementation of the AFF4 standard.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

A tool for forensic file system reconstruction.

Documentation of TheHive

Dumps all of the Key/Value pairs from a LevelDB database

Web browser forensics for Google Chrome/Chromium

A curated list of awesome forensic analysis tools and resources

A list of free and open forensics analysis tools and other resources

Automation and Scaling of Digital Forensics Tools

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Python API Client for TheHive

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Huawei backup decryptor

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.