RdpCacheStitcherRdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (-8.33%)
MEATThis toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-47.4%)
Ir RescueA Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+61.98%)
PackratLive system forensic collector
Stars: ✭ 16 (-91.67%)
ir scriptsincident response scripts
Stars: ✭ 17 (-91.15%)
CCXDiggerThe CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-76.56%)
CDIRCDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (-36.46%)
PSTraceTrace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-80.21%)
INDXRipperCarve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-83.33%)
MindMaps#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+16.67%)
uacUAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+35.42%)
Rebel FrameworkAdvanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-4.69%)
smram parseSystem Management RAM analysis tool
Stars: ✭ 50 (-73.96%)
catalystCatalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (-52.6%)
bits parserExtract BITS jobs from QMGR queue and store them as CSV records
Stars: ✭ 64 (-66.67%)
rhqRecon Hunt Queries
Stars: ✭ 66 (-65.62%)
ThreatpinchlookupDocumentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+33.85%)
PatrowlenginesPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-15.62%)
Mac aptmacOS Artifact Parsing Tool
Stars: ✭ 329 (+71.35%)
Swap digger swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Stars: ✭ 354 (+84.38%)
TurbiniaAutomation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+140.1%)
KuiperDigital Forensics Investigation Platform
Stars: ✭ 257 (+33.85%)
PatrowlmanagerPatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+89.06%)
CyphonOpen source incident management and response platform.
Stars: ✭ 543 (+182.81%)
HindsightWeb browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+206.77%)
WELAWELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+130.21%)
EventTranscriptParserPython based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-88.54%)
LevelDBDumperDumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-88.02%)
MemProcFS-AnalyzerMemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (-53.65%)
ThehiveTheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+1097.92%)
fastfinderIncident Response - Fast suspicious file finder
Stars: ✭ 116 (-39.58%)
EvilizeParses Windows event logs files based on SANS Poster
Stars: ✭ 24 (-87.5%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+2275.52%)
ThehivedocsDocumentation of TheHive
Stars: ✭ 353 (+83.85%)
RecuperabitA tool for forensic file system reconstruction.
Stars: ✭ 280 (+45.83%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: ✭ 439 (+128.65%)
DiffyDiffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+189.06%)
Imago ForensicsImago is a python tool that extract digital evidences from images.
Stars: ✭ 175 (-8.85%)
Cortex4pyPython API Client for Cortex
Stars: ✭ 22 (-88.54%)
MemlabsEducational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+262.5%)
OrianaOriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Stars: ✭ 152 (-20.83%)
KauditAlcide Kubernetes Audit Log Analyzer - Alcide kAudit
Stars: ✭ 23 (-88.02%)
BeagleBeagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (+408.33%)
AutotimelinerAutomagically extract forensic timeline from volatile memory dump
Stars: ✭ 54 (-71.87%)
ScriptingPS / Bash / Python / Other scripts For FUN!
Stars: ✭ 47 (-75.52%)
MetaforgeAn OSINT Metadata analyzing tool that filters through tags and creates reports
Stars: ✭ 63 (-67.19%)
Ioc ExplorerExplore Indicators of Compromise Automatically
Stars: ✭ 73 (-61.98%)
CortexCortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+252.08%)
HistoricprocesstreeAn Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Stars: ✭ 46 (-76.04%)
Etl ParserEvent Trace Log file parser in pure Python
Stars: ✭ 66 (-65.62%)
Sysmon ModularA repository of sysmon configuration modules
Stars: ✭ 1,229 (+540.1%)
Information Security TasksThis repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (-43.75%)
Awesome HackingAwesome hacking is an awesome collection of hacking tools.
Stars: ✭ 1,802 (+838.54%)
SleuthkitThe Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Stars: ✭ 1,948 (+914.58%)
PatrowldocsPatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-45.31%)
TimesketchCollaborative forensic timeline analysis
Stars: ✭ 1,795 (+834.9%)