1022 Open source projects that are alternatives of or similar to smram_parse

Collaborative forensic timeline analysis

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Query and report user logons relations from MS Windows Security Events

Ghidra analyzer for UEFI firmware.

Raspberry Pi 3 UEFI Firmware Images

Educational, CTF-styled labs for individuals interested in Memory Forensics

Everything related to Linux Forensics

Trace ScriptBlock execution for powershell v2

The LinuxBoot project is working to enable Linux to replace your firmware on all platforms.

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

Project Mu OEM Sample Code

Provides various Windows Server Active Directory (AD) security-focused reports.

Automation and Scaling of Digital Forensics Tools

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Invoke-LiveResponse

Automagically extract forensic timeline from volatile memory dump

Non-EOL (yes!) AArch64 UEFI firmware for Lumia 950 / Lumia 950 XL

Raspberry Pi 4 UEFI Firmware Images [EXPERIMENTAL]

UEFI Tiano Core Value

Timeline of Active Directory changes with replication metadata

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Cortex: a Powerful Observable Analysis and Active Response Engine

Live system forensic collector

SIEM Tactics, Techiques, and Procedures

Python 3 Script to parse out iTunes backups

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

Minimalistic DNS logging tool

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

macOS Artifact Parsing Tool

Web browser forensics for Google Chrome/Chromium

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Volatility Explorer Suit

Event Trace Log file parser in pure Python

Python script to decode common encoded PowerShell scripts

A tool for forensic file system reconstruction.

IDA plugin for UEFI firmware analysis and reverse engineering automation

SystemBoot is a LinuxBoot distribution that works as a system firmware + bootloader, based on u-root

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

CX99DE25 BIOS for HUANANZHI X99-F8 GAMING Motherboard 07/25/2020

PowerShell module for Office 365 and Azure log collection

DEPRECATED - DO NOT USE | Go here instead ->

Microsoft Core UEFI Value

Truehunter

A tool for UEFI firmware reverse engineering

Extract BIOS firmware from Intel-based workstations and laptops

Ghidra utilities for analyzing PC firmware

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Qiling Advanced Binary Emulation Framework

EDK II

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Carve file metadata from NTFS index ($I30) attributes

An Incident Response tool to extract console command history and screen output buffer

Dumps all of the Key/Value pairs from a LevelDB database

incident response scripts

Project mu BaseCore

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

#ThreatHunting #DFIR #Malware #Detection Mind Maps

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.