Awesome Open Source
Search results for dfir
308 search results found
Windowstimeline (⭐ 155): Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
Mthc (⭐ 154): All-in-one bundle of MISP, TheHive and Cortex
Zombieant (⭐ 149): Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Win10 (⭐ 149): Win 10/11 related research
Gene (⭐ 149): Signature engine for all your logs
Imago Forensics (⭐ 144): Imago is a Python tool that extracts digital evidence from images.
Invoke Liveresponse (⭐ 141): Invoke-LiveResponse
Cirtkit (⭐ 140): Tools for the Computer Incident Response Team 💻
Cops (⭐ 138): Collaborative Open Playbook Standard
Oriana (⭐ 136): Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Rita J (⭐ 134): Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
Awesome Kape (⭐ 123): A curated list of KAPE-related resources
Cdir (⭐ 120): CDIR (Cyber Defense Institute Incident Response) Collector, a live collection tool based on OSS tools and libraries
Fucking Awesome Incident Response (⭐ 113): A curated list of tools for incident response, with repository stars ⭐ and forks 🍴
Mftecmd (⭐ 110): Parses $MFT from NTFS file systems
Dfir4vsphere (⭐ 110): PowerShell module for VMware vSphere forensics
Autotimeliner (⭐ 108): Automagically extract forensic timeline from volatile memory dump
Recmd (⭐ 106): Command line access to the Registry
Cacador (⭐ 106): Indicator Extractor
Rdpcachestitcher (⭐ 106): RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Hashlookup Forensic Analyser (⭐ 105): Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Hayabusa Rules (⭐ 101): Detection rules for Hayabusa
Vanillawindowsreference (⭐ 99): A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update. Use these CSVs to create your own known good hash sets!
Ccl_chrome_indexeddb (⭐ 98): (Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Itunes_backup_reader (⭐ 98): Python 3 script to parse out iTunes backups
Forensicminer (⭐ 98): A really good DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals.
Yaralyzer (⭐ 95): Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
Onedrive (⭐ 91): OneDrive log .ODL reader
Dfir Toolset (⭐ 88): Dump of organized knowledge on DFIR
Leaf (⭐ 85): Linux Evidence Acquisition Framework
Ma2tl (⭐ 84): macOS forensic timeline generator using the analysis result DBs of mac_apt
Amcacheparser (⭐ 83): Parses amcache.hve files, but with a twist!
Appcompatcacheparser (⭐ 80): AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10
Docker Templates (⭐ 78): Docker configurations for TheHive, Cortex and 3rd party tools
Lw Yara (⭐ 78): YARA ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Bluecloud (⭐ 74): Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Pftriage (⭐ 73): Python tool and library to help analyze files during malware triage and analysis.
Macosac (⭐ 71): Forensic Artifact Collection Tool for macOS
Ad Privileged Audit (⭐ 71): Provides various Windows Server Active Directory (AD) security-focused reports.
Threathunt (⭐ 70): ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Hackinbo (⭐ 63): Official Collection of Slides and Programs of HackInBo®
Btg (⭐ 62): BTG's purpose is to make fast and efficient searches on IOCs
Queries (⭐ 60): SQLite queries
Jlecmd (⭐ 59): Automatic and Custom Destinations jump list parser with Windows 10 support
Check_rep (⭐ 58): Check IP or domain reputation against open-source blacklists.
Eventtranscriptparser (⭐ 58): Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Etl Parser (⭐ 57): Event Trace Log file parser in pure Python
Dfir Detection Engineering (⭐ 57): Digital Forensics Incident Response and Detection engineering: forensic analysis of common and not-so-common artifacts. Anti-forensic techniques and detection of techniques used by malicious actors to evade protection and monitoring systems.
Artifacts (⭐ 56): 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Kiewtai (⭐ 55): A port of Kaitai to the Hiew hex editor
Incidents (⭐ 55): Please use https://github.com/veeral-patel/true-positive instead
Windows Forensic Artifacts (⭐ 51): Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
Cybersecurity_conferences (⭐ 48): List of some cybersecurity conferences
Concordance (⭐ 48): Term concordances for each course in the SANS DFIR curriculum. Used for automated index generation.
Hunting Queries Detection Rules (⭐ 47): KQL queries for Microsoft 365 Defender and Microsoft Sentinel
Ransomcoinpublic (⭐ 47): A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries.
Sidr (⭐ 47): Search Index Database Reporter
Historicprocesstree (⭐ 46): An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Indxripper (⭐ 45): Carve file metadata from NTFS index ($I30) attributes
Zeek Docs (⭐ 45): Documentation for Zeek
Neolea Training Materials (⭐ 45): Open source training materials for law-enforcement and organisations interested in DFIR.
Artifactextractor (⭐ 44): Extract common Windows artifacts from source images and VSCs
Ossec Sysmon (⭐ 43): A ruleset to enhance the detection capabilities of OSSEC using Sysmon
Power Response (⭐ 43): Powering Up Incident Response with Power-Response
Scripting (⭐ 42): PS / Bash / Python / Other scripts For FUN!
Elementary (⭐ 41): 🕵️ Process and show forensic artifacts (e.g. eventlogs, usb devices, network devices...) in forensicstores
Blazescan (⭐ 41): Blazescan is a Linux web server malware scanning and incident response tool, with built-in support for cPanel servers, but it will run on any Linux-based server.
Compsec (⭐ 41): Exercises for the (legacy) Computer Security course at the University of Oulu
Autorunner (⭐ 41): Emulates the Sysinternals Autoruns tool, but for DFIR purposes, e.g. multi-user processing
Synapse (⭐ 40): Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform
Dfirregex (⭐ 40): A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Kape Eztoolsancillaryupdater (⭐ 40): A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhance the output of those tools
Deobshell (⭐ 39): PowerShell script deobfuscation using the AST, written in Python
Bgiparser (⭐ 39): A parsing tool for backgrounditems.btm
Dcfldd (⭐ 39): dcfldd - enhanced version of dd for forensics and security
Macostriagetool (⭐ 39): A DFIR tool to collect artifacts on macOS
Atmmalscan (⭐ 38)
Loki2 (⭐ 38): LOKI2 - Simple IOC and YARA Scanner
Leveldbdumper (⭐ 37): Dumps all of the Key/Value pairs from a LevelDB database
Misp Wireshark (⭐ 37): Lua plugin to extract data from Wireshark and convert it into MISP format
Xleapp (⭐ 37): xLEAPP - Merging of iLEAPP/RLEAPP/vLEAPP, ALEAPP, cLEAPP
Getconsolehistoryandoutput (⭐ 36): An Incident Response tool to extract console command history and screen output buffer
Dnslog (⭐ 36): Minimalistic DNS logging tool
Dfir (⭐ 35): Incident response teams usually work on offline data, collecting the evidence and then analyzing it
Osdfir Infrastructure (⭐ 35): Helm charts for running open source digital forensic tools in Kubernetes
Fastfinder (⭐ 34): Incident Response - Fast suspicious file finder
Pshero (⭐ 34): PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
Ds4n6_lib (⭐ 32): Library of functions to apply Data Science to several forensic artifacts
Decap (⭐ 32)
Prefetch Browser (⭐ 32): Browse Windows Prefetch versions 17, 23, 26, 30v1/2 and some SuperFetch .7db/.db files
Threathunting Keywords Sigma Rules (⭐ 32): Sigma detection rules for hunting with the threathunting-keywords project
Pofr (⭐ 31): Penguin OS Forensic (or Flight) Recorder
Logboost (⭐ 31): Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, Domain, ASN, DNS and Threat Indicator matches.
Vault For Incident Responders (⭐ 31): Things to know when DFIR occurs near a Vault deployment.
Hashlookup Server (⭐ 30): Fast lookup server for NSRL and other hash databases used in digital forensics
Factual Rules Generator (⭐ 30): Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Eventtranscript.db Research (⭐ 30): A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Timeliner (⭐ 30): A rewrite of mactime, a bodyfile reader
Elrond (⭐ 30): Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
Windowsdfir (⭐ 30): Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc., plus workshops that I did for different conferences or events.
101-200 of 308 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.