INDXRipper - Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-83.07%)
Memlabs - Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+268.25%)
hayabusa - Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+380.42%)
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+133.86%)
smram parse - System Management RAM analysis tool
Stars: ✭ 50 (-73.54%)
CCXDigger - The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-76.19%)
MEAT - This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-46.56%)
ad-privileged-audit - Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-77.78%)
DFIR-O365RC - PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (-16.4%)
Mac apt - macOS Artifact Parsing Tool
Stars: ✭ 329 (+74.07%)
Swap digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+87.3%)
Dfirtrack - DFIRTrack - The Incident Response Tracking Application
Stars: ✭ 232 (+22.75%)
C Aff4 - An AFF4 C++ implementation.
Stars: ✭ 126 (-33.33%)
Packrat - Live system forensic collector
Stars: ✭ 16 (-91.53%)
Tcpflow - TCP/IP packet demultiplexer. Download from:
Stars: ✭ 1,231 (+551.32%)
uac - UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (+37.57%)
EventTranscriptParser - Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-88.36%)
dnslog - Minimalistic DNS logging tool
Stars: ✭ 40 (-78.84%)
ir scripts - incident response scripts
Stars: ✭ 17 (-91.01%)
Autotimeliner - Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (-71.43%)
Kuiper - Digital Forensics Investigation Platform
Stars: ✭ 257 (+35.98%)
Cortex - Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+257.67%)
Artifacts - 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Stars: ✭ 21 (-88.89%)
Beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+416.4%)
Userline - Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+16.93%)
Pypowershellxray - Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+1.59%)
Adtimeline - Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+33.33%)
Forensic Tools - A collection of tools for forensic analysis
Stars: ✭ 204 (+7.94%)
GetConsoleHistoryAndOutput - An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-78.31%)
RdpCacheStitcher - RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-6.88%)
Diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+193.65%)
Timesketch - Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+849.74%)
CDIR - CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (-35.45%)
MindMaps - #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+18.52%)
MemProcFS-Analyzer - MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (-52.91%)
PSTrace - Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-79.89%)
Etl Parser - Event Trace Log file parser in pure Python
Stars: ✭ 66 (-65.08%)
Forensic Tools - CIRCL system forensic tools, or a jumble of tools to support forensics
Stars: ✭ 27 (-85.71%)
artifactcollector - 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (-25.93%)
catalyst - Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (-51.85%)
pyaff4 - The Python implementation of the AFF4 standard.
Stars: ✭ 37 (-80.42%)
Ir Rescue - A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+64.55%)
Recuperabit - A tool for forensic file system reconstruction.
Stars: ✭ 280 (+48.15%)
Thehivedocs - Documentation of TheHive
Stars: ✭ 353 (+86.77%)
LevelDBDumper - Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-87.83%)
Hindsight - Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+211.64%)
Awesome Forensics - A curated list of awesome forensic analysis tools and resources
Stars: ✭ 1,775 (+839.15%)
ForensicsTools - A list of free and open forensics analysis tools and other resources
Stars: ✭ 392 (+107.41%)
Turbinia - Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+143.92%)
Thehive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+1116.93%)
Thehive4py - Python API Client for TheHive
Stars: ✭ 143 (-24.34%)
Artifacts Kit - Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
Stars: ✭ 99 (-47.62%)
Logontracer - Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Stars: ✭ 1,914 (+912.7%)
Kobackupdec - Huawei backup decryptor
Stars: ✭ 94 (-50.26%)
Threathunt - ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Stars: ✭ 92 (-51.32%)