251 Open source projects that are alternatives of or similar to Sleuthkit

Carve file metadata from NTFS index ($I30) attributes

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Invoke-LiveResponse

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Extract BITS jobs from QMGR queue and store them as CSV records

Python script to decode common encoded PowerShell scripts

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Trace ScriptBlock execution for powershell v2

Live system forensic collector

incident response scripts

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Bramble is a hacking Open source suite.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

A role-playing game for incident management training

Super timeline all the things

PS / Bash / Python / Other scripts For FUN!

A curated list of awesome things related to TheHive & Cortex

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

incident response tool for iOS devices

Copy-move forgery detection on digital image using Python

Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

Comae Hibernation File Decompressor

Automagically extract forensic timeline from volatile memory dump

Hacker tools on Go (Golang)

All-in-one bundle of MISP, TheHive and Cortex

An AFF4 C++ implementation.

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Wazuh - Project documentation

tamper resistant audit log

Parses $MFT from NTFS file systems

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Maltego CaseFile entities for information security investigations, malware analysis and incident response

Awesome hacking is an awesome collection of hacking tools.

🕵️ A tool for Firefox profile analysis, data extraction, forensics and hardening

Monzo's real-time incident response and reporting tool ⚡️

A FUSE module to mount captured network data

Python API Client for TheHive

Powerful checksum generator!

TCP/IP packet demultiplexer. Download from:

PagerDuty's Incident Response Documentation.

Wazuh - Chef cookbooks

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

Alcide Kubernetes Audit Log Analyzer - Alcide kAudit

Python API Client for Cortex

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

Tracking history of USB events on GNU/Linux

A curated list of Site Reliability and Production Engineering resources.

Malware Behavior Analyzer

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Explore Indicators of Compromise Automatically

Educational, CTF-styled labs for individuals interested in Memory Forensics

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.