Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+3490%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+784%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+342%)
Efiseek: Ghidra analyzer for UEFI firmware.
Stars: ✭ 45 (-10%)
Rpi3: Raspberry Pi 3 UEFI Firmware Images
Stars: ✭ 117 (+134%)
Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+1292%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (+278%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (-24%)
Linuxboot: The LinuxBoot project is working to enable Linux to replace your firmware on all platforms.
Stars: ✭ 554 (+1008%)
Firmae: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
Stars: ✭ 91 (+82%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-16%)
Turbinia: Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+822%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+1010%)
Autotimeliner: Automagically extract a forensic timeline from a volatile memory dump
Stars: ✭ 54 (+8%)
Lumia950xlpkg: Non-EOL (yes!) AArch64 UEFI firmware for Lumia 950 / Lumia 950 XL
Stars: ✭ 300 (+500%)
Rpi4: Raspberry Pi 4 UEFI Firmware Images [EXPERIMENTAL]
Stars: ✭ 480 (+860%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+404%)
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+468%)
Cortex: Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (+1252%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-68%)
Siem: SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+214%)
SmmExploit: The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.
Stars: ✭ 98 (+96%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-20%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Stars: ✭ 354 (+608%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+558%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+1078%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+522%)
Vol3xp: Volatility Explorer Suite
Stars: ✭ 31 (-38%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (+32%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+284%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+460%)
Efixplorer: IDA plugin for UEFI firmware analysis and reverse engineering automation
Stars: ✭ 268 (+436%)
systemboot: SystemBoot is a LinuxBoot distribution that works as a system firmware + bootloader, based on u-root
Stars: ✭ 103 (+106%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-56%)
HUANANZHI-X99-F8: CX99DE25 BIOS for HUANANZHI X99-F8 GAMING Motherboard 07/25/2020
Stars: ✭ 43 (-14%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+216%)
Raspberrypipkg: DEPRECATED - DO NOT USE | Go here instead ->
Stars: ✭ 758 (+1416%)
Mu plus: Microsoft Core UEFI Value
Stars: ✭ 95 (+90%)
Uefi retool: A tool for UEFI firmware reverse engineering
Stars: ✭ 227 (+354%)
Pawn: Extract BIOS firmware from Intel-based workstations and laptops
Stars: ✭ 214 (+328%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-10%)
Qiling: Qiling Advanced Binary Emulation Framework
Stars: ✭ 2,816 (+5532%)
Edk2: EDK II
Stars: ✭ 2,624 (+5148%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (+144%)
hayabusa: Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+1716%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (+102%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-36%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-18%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-54%)
ir scripts: incident response scripts
Stars: ✭ 17 (-66%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+252%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+348%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris system artifacts.
Stars: ✭ 260 (+420%)