Autotimeliner: Automagically extract forensic timeline from volatile memory dump
Stars: ✭ 54 (-83.59%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+79.03%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (-14.89%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-87.84%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-86.32%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (-51.98%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (-62.92%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-93.01%)
hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+175.99%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-46.5%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+34.35%)
Turbinia: Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+40.12%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (-42.55%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+445.59%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-84.8%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (-20.97%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+68.69%)
Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+111.55%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (-32.83%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (-23.4%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-69.3%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-95.14%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-87.23%)
ir scripts: incident response scripts
Stars: ✭ 17 (-94.83%)
EventTranscriptParser: Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-93.31%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-90.27%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+7.6%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-41.64%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-87.54%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (-79.94%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-31.91%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-88.45%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (-5.47%)
sift-saltstack: Salt States for Configuring the SIFT Workstation
Stars: ✭ 82 (-75.08%)
Yobi: Yara Based Detection Engine for web browsers
Stars: ✭ 39 (-88.15%)
bootcode parser: A boot record parser that identifies known good signatures for MBR, VBR and IPL.
Stars: ✭ 91 (-72.34%)
macOS-triage: macOS triage is a Python script to collect various macOS logs, artifacts, and other data.
Stars: ✭ 20 (-93.92%)
wipedicks: Wipe files and drives securely with random ASCII dicks
Stars: ✭ 94 (-71.43%)
WindowsDFIR: Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc., plus workshops that I did for different conferences or events.
Stars: ✭ 51 (-84.5%)
decwindbx: A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-93.31%)
bits parser: Extract BITS jobs from the QMGR queue and store them as CSV records
Stars: ✭ 64 (-80.55%)
mini-kali: Docker image for hacking
Stars: ✭ 15 (-95.44%)
Hackdroid: Android Apps, Roms and Platforms for Pentesting
Stars: ✭ 310 (-5.78%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+798.48%)
VanillaWindowsReference: A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.
Stars: ✭ 24 (-92.71%)
ManTraNet-pytorch: Implementation of the famous Image Manipulation/Forgery Detector "ManTraNet" in PyTorch
Stars: ✭ 47 (-85.71%)
fastfinder: Incident Response - Fast suspicious file finder
Stars: ✭ 116 (-64.74%)
yara-rules: Yara rules written by me, for free use.
Stars: ✭ 13 (-96.05%)
IRScripts: Incident Response Scripts
Stars: ✭ 29 (-91.19%)
Detectionlabelk: DetectionLabELK is a fork of DetectionLab with the ELK stack instead of Splunk.
Stars: ✭ 273 (-17.02%)
WiFi-Project: Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-93.31%)
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (-57.45%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (-89.97%)
rhq: Recon Hunt Queries
Stars: ✭ 66 (-79.94%)
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
Stars: ✭ 24 (-92.71%)
calamity: A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-92.71%)