Search results for dfir
308 search results found
Get Networkconnection (⭐ 29): Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Meat (⭐ 28): This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Calamity (⭐ 28): A script to assist in processing forensic RAM captures for malware triage
Pstrace (⭐ 27): Trace ScriptBlock execution for PowerShell v2
Xways Forensics (⭐ 27): Personal settings for X-Ways Forensics
Evilize (⭐ 26): Parses Windows event log files based on the SANS poster
Docker Volatility (⭐ 26): Volatility Dockerfile
Directoryopus Dfirconfig (⭐ 26): A config file curated for DFIR examiners, with shortcuts to common Windows artifacts and settings enabled that make various file management tasks easier.
Cortex4py (⭐ 26): Python API client for Cortex
Isodump (⭐ 25): isodump - ISO dump utility
Whacamole (⭐ 24): Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
Aucr (⭐ 24): Analyst Unknown Cyber Range - a micro web service framework
Tigma (⭐ 24): Sigma engine implementation in TypeScript
Ta Sysmon Deploy (⭐ 24): Deploy and maintain Sysmon through the Splunk Deployment Server
Cve 2020 1206 Poc (⭐ 23): CVE-2020-1206 uninitialized kernel memory read PoC
Awesome Linux Attack Forensics Purplelabs (⭐ 23): This page is a result of ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Utils (⭐ 23): Different DFIR and CTI utilities
Hstsparser (⭐ 22): A tool to parse Firefox and Chrome HSTS databases into forensic artifacts
Truehunter (⭐ 22)
Rbcmd (⭐ 22): Recycle Bin artifact parser
Evtx2json (⭐ 21): evtx2json extracts events of interest from event logs, dedups them, and exports them to JSON.
Splunk Etw (⭐ 21): A Splunk Technology Add-on to forward filtered ETW events.
Opensource Endpoint Monitoring (⭐ 21): This repository contains all the config files and scripts used for our Open Source Endpoint Monitoring project.
Ds4n6_scripts (⭐ 20): Library of Python scripts to apply data science to several forensic artifacts
Geoipsed (⭐ 20): Fast, inline geolocation decoration of IPv4 and IPv6 addresses, written in Rust
Ccxdigger (⭐ 19): The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Forensicssetup (⭐ 19): An open source project aimed at replicating the Windows SIFT machine and the tools used during SANS courses, minus any payware software.
Anti Forensics Vhdx (⭐ 19): A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. Please add a new issue if you have an idea for something to add.
Yara Validator (⭐ 18): Validates YARA rules and tries to repair the broken ones.
Citrix Netscaler Triage (⭐ 17): Dissect triage script for Citrix NetScaler devices
Threathunting Keywords Yara Rules (⭐ 17): YARA detection rules for hunting with the threathunting-keywords project
Jphotodna (⭐ 17): CLI Java wrapper for the PhotoDNA library
Pyarascanner (⭐ 17): A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Prefetch Hash Cracker (⭐ 17): A small utility to brute-force Prefetch hashes
Awesome Infosecnz (⭐ 16)
Cdir A (⭐ 16): CDIR Analyzer - parsers for data collected by CDIR Collector
Ir_scripts (⭐ 15): Incident response scripts
Volatility Docker (⭐ 15): A suite of Volatility 3 plugins for memory forensics of Docker containers
Unix_collector (⭐ 15): A live forensic collection script for UNIX-like systems.
Thehivehooks (⭐ 15): A Python tool aiming to make using TheHive webhooks easier.
Ddttx (⭐ 15): DDTTX tabletop trainings
Defender Dump (⭐ 15): Dump quarantined files from Windows Defender
Ufdr2dir (⭐ 14): A script to convert a Cellebrite UFDR to the original file structure.
Dfdewey (⭐ 14)
O365auditparser (⭐ 14): Microsoft Office 365 Protection Center audit log parser
Macripper (⭐ 14): A DFIR tool to analyze artifacts on macOS
Urlyzer (⭐ 13): urlyzer is a URL parsing analysis tool.
Iris Client (⭐ 13): Python client for DFIR-IRIS
Yara Rules (⭐ 13): Links to malware-related YARA rules
Osint_to_timesketch (⭐ 13): VirusTotal data to Timesketch
Pywindowsthingies (⭐ 13): Windows thingies in Python for live use.
Osxripper (⭐ 12): Tool to rip system and user data from OS X and macOS
Dfir Orc Config (⭐ 12): Configurations for DFIR ORC
Simpleimager (⭐ 12): Simple Imager has been created for performing live acquisition of Windows-based systems in a forensically sound manner
Maldump (⭐ 12): Multi-quarantine extractor
Dfir Tools (⭐ 12): A collection of useful tools worth using
Apollon (⭐ 12): Proof-of-concept to evade auditd by writing /proc/PID/mem
Packrat (⭐ 12): Live system forensic collector
Mgreen27.github.io (⭐ 12): Matt's DFIR blog
Thehive Resources (⭐ 12): A repository to share contributions related to TheHive Project
Threathunting_with_osquery (⭐ 11): Threat Hunting & Incident Investigation with Osquery
Cyberbodega (⭐ 11): A conglomeration of resources for any color of the rainbow
Threathunter Playbook (⭐ 11)
Hashlookup Gui (⭐ 10): Provides a multi-platform graphical user interface for hashlookup
Azureforensics (⭐ 10)
__dfir Scripts (⭐ 10): Quick & dirty DFIR scripts developed by the Ebryx DFIR team to keep handy during field assignments
Timesketch Cli (⭐ 10): A dedicated repo to interact with the API of Timesketch
Ansible Volatility (⭐ 10): An Ansible role for deploying the Volatility memory forensics framework.
Pythonforensics (⭐ 9): Jupyter notebooks from the "Python as a Forensic Tool" presentation
Digitalshadows2th (⭐ 9): DigitalShadows alert feeder for TheHive, an open source and free security incident response platform
Sighunter (⭐ 9): A C# (.NET 6) tool to compare the file signatures of files recursively and inform the user of matches and mismatches
Log File Decrufter (⭐ 9)
Dfir (⭐ 9): The other DFIR: Deeper Functionality for Investigators with R
Annotationis (⭐ 9): Various notes/memoranda
Aisle25 (⭐ 9): Detect leaks in security event logs.
Dfir (⭐ 9): A repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
User_accounts_hunting (⭐ 9): This script helps you find information about a user account of interest during DFIR work
Dfir_reference (⭐ 8)
Dfir.science (⭐ 8): The DFIR.Science research blog about digital forensic investigation.
Chronos (⭐ 8): Python framework to parse logs for IR
Dfirnotes (⭐ 8): DFIR notebooks, GCIH Gold project and paper
Mac_int (⭐ 8): macOS Artifact Intelligence Tool
Fishy (⭐ 8): Toolkit for filesystem-based data hiding techniques.
Pcaparser (⭐ 7): A PowerShell script that parses and converts to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca
Pe_analyzer (⭐ 7)
Zerofox2th (⭐ 7): ZeroFox alert feeder for TheHive, an open source and free security incident response platform
Walletsleuth (⭐ 7): Cryptocurrency triage tool - identify multiple cryptocurrency addresses from various wallet applications
Autoripy (⭐ 7): Attempt to replicate the functions of auto_rip by Corey Harrell in Python.
Dfir (⭐ 7): Collection of popular DFIR tools in a lightweight and fast Docker image
Forensic Artifact Automation (⭐ 6): A collection of PowerShell scripts designed to be run from a Microsoft Defender for Endpoint Live Response terminal, using open-source tools such as KAPE (Kroll Artifact Parser and Extractor) to forensically acquire and process the artifacts needed in compromise assessments. Additional scripts provide pre-processing automation and other supporting functions.
Get Minitimeline (⭐ 6): Get-MiniTimeline - triage collection and timeline generation with KAPE
Ansible Grr (⭐ 6): Ansible role to set up GRR Rapid Response
Awesome Soc Appliances (⭐ 6): A curated list of FOSS software appliances for building a SOC
Groundtruths (⭐ 6): Knowledge base of universal truths and technical analysis caveats for CTI and DFIR, in one place.
Cybersecurity Playground (⭐ 6): Cybersecurity resources (threat intelligence, malware analysis, pentesting, DFIR, etc.)
Invoke Bitsparser (⭐ 6): Sharing my BITS
Rds4xways (⭐ 6): Extract SHA1 hashes from the Reference Data Set (RDS) provided by the National Software Reference Library (NSRL) for X-Ways Forensics (or any other tool that uses SHA1).
Autopsy Reversinglabs Plugin (⭐ 5): ReversingLabs hash query plugin for the Autopsy forensics platform. Requires ReversingLabs API credentials.
Certwatcher (⭐ 5): Experimental certificate livestream using CaliDog/certstream-python and some rules to filter the feed
Packettrail (⭐ 5): Associates NetFlow data with system processes and logs to syslog
201-300 of 308 search results