Awesome Open Source
Search results for forensics dfir
102 search results found
Awesome Incident Response (⭐ 6,852): A curated list of tools for incident response
Chainsaw (⭐ 2,519): Rapidly Search and Hunt through Windows Forensic Artefacts
Timesketch (⭐ 2,435): Collaborative forensic timeline analysis
Hayabusa (⭐ 1,800): Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Digital Forensics Guide (⭐ 1,232): Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Hindsight (⭐ 925): Web browser forensics for Google Chrome/Chromium
Memlabs (⭐ 689): Educational, CTF-styled labs for individuals interested in Memory Forensics
Turbinia (⭐ 689): Automation and Scaling of Digital Forensics Tools
Osx Security Awesome (⭐ 687): A collection of OSX and iOS security resources
Forensicstools (⭐ 682): A list of free and open forensics analysis tools and other resources
Mac_apt (⭐ 675): macOS (& iOS) Artifact Parsing Tool
Diffy (⭐ 635): ⛔ (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Linuxforensics (⭐ 611): Everything related to Linux Forensics
Uac (⭐ 550): UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Awesome Event Ids (⭐ 515): Collection of Event ID resources useful for Digital Forensics and Incident Response
Recuperabit (⭐ 499): A tool for forensic file system reconstruction.
Wela (⭐ 494): WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Cloud Forensics Utils (⭐ 418): Python library to carry out DFIR analysis on the Cloud
Adtimeline (⭐ 398): Timeline of Active Directory changes with replication metadata
Swap_digger (⭐ 376): swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Enablewindowslogsettings (⭐ 343): Documentation and scripts to properly enable Windows event logs.
Ir Rescue (⭐ 309): A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Forensictools (⭐ 270): Collection of forensic tools
Threathunting Keywords (⭐ 252): Awesome list of keywords for Threat Hunting sessions
Dfir Toolkit (⭐ 222): CLI tools for forensic investigation of Windows artifacts
Userline (⭐ 217): Query and report user logon relations from MS Windows Security Events
Dfir O365rc (⭐ 214): PowerShell module for Office 365 and Azure log collection
Varc (⭐ 210): Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Pypowershellxray (⭐ 184): Python script to decode common encoded PowerShell scripts
Emailanalyzer (⭐ 183): With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
Mindmaps (⭐ 172): #ThreatHunting #DFIR #Malware #Detection Mind Maps
Regrippy (⭐ 166): A modern Python-3-based alternative to RegRipper
Dfir_ntfs (⭐ 166): An NTFS/FAT parser for digital forensics & incident response
Windowstimeline (⭐ 155): Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
Win10 (⭐ 149): Win 10/11 related research
Invoke Liveresponse (⭐ 141): Invoke-LiveResponse
Cdir (⭐ 120): CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Dfir4vsphere (⭐ 110): PowerShell module for VMware vSphere forensics
Mftecmd (⭐ 110): Parses $MFT from NTFS file systems
Autotimeliner (⭐ 108): Automagically extract forensic timeline from volatile memory dump
Rdpcachestitcher (⭐ 106): RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Itunes_backup_reader (⭐ 98): Python 3 Script to parse out iTunes backups
Forensicminer (⭐ 98): A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
Dfir Toolset (⭐ 88): Dump of organized knowledge on DFIR
Ma2tl (⭐ 84): macOS forensic timeline generator using the analysis result DBs of mac_apt
Macosac (⭐ 71): Forensic Artifact Collection Tool for macOS
Ad Privileged Audit (⭐ 71): Provides various Windows Server Active Directory (AD) security-focused reports.
Queries (⭐ 60): SQLite queries
Check_rep (⭐ 58): Check IP or Domain reputation against open-source Blacklists.
Eventtranscriptparser (⭐ 58): Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Etl Parser (⭐ 57): Event Trace Log file parser in pure Python
Artifacts (⭐ 56): 📇 Digital Forensics Artifact Repository (forensicanalysis edition)
Windows Forensic Artifacts (⭐ 51): Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress!
Sidr (⭐ 47): Search Index Database Reporter
Indxripper (⭐ 45): Carve file metadata from NTFS index ($I30) attributes
Neolea Training Materials (⭐ 45): Open source training materials for law-enforcement and organisations interested in DFIR.
Artifactextractor (⭐ 44): Extract common Windows artifacts from source images and VSCs
Macostriagetool (⭐ 39): A DFIR tool to collect artifacts on macOS
Bgiparser (⭐ 39): A parsing tool for backgrounditems.btm
Dcfldd (⭐ 39): dcfldd - enhanced version of dd for forensics and security
Leveldbdumper (⭐ 37): Dumps all of the Key/Value pairs from a LevelDB database
Xleapp (⭐ 37): xLEAPP - Merging of iLEAPP/RLEAPP/vLEAPP, ALEAPP, cLEAPP
Dnslog (⭐ 36): Minimalistic DNS logging tool
Getconsolehistoryandoutput (⭐ 36): An Incident Response tool to extract console command history and screen output buffer
Osdfir Infrastructure (⭐ 35): Helm charts for running open source digital forensic tools in Kubernetes
Ds4n6_lib (⭐ 32): Library of functions to apply Data Science in several forensics artifacts
Prefetch Browser (⭐ 32): Browse Windows Prefetch versions: 17,23,26,30v1/2 & some of SuperFetch .7db/.db's
Timeliner (⭐ 30): A rewrite of mactime, a bodyfile reader
Elrond (⭐ 30): Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
Meat (⭐ 28): This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Pstrace (⭐ 27): Trace ScriptBlock execution for PowerShell v2
Xways Forensics (⭐ 27): Personal settings for X-Ways Forensics
Docker Volatility (⭐ 26): Volatility Dockerfile
Truehunter (⭐ 22): Truehunter
Hstsparser (⭐ 22): A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
Evtx2json (⭐ 21): evtx2json extracts events of interest from event logs, dedups them, and exports them to json.
Ds4n6_scripts (⭐ 20): Library of python scripts to apply Data Science in several forensics artifacts
Ccxdigger (⭐ 19): The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Forensicssetup (⭐ 19): An open source project aimed to replicate the Windows SIFT Machine and tools used during SANS Courses minus any payware software.
Prefetch Hash Cracker (⭐ 17): A small util to brute-force prefetch hashes
Cdir A (⭐ 16): CDIR Analyzer - parsers for data collected by CDIR Collector
Ir_scripts (⭐ 15): incident response scripts
Unix_collector (⭐ 15): A live forensic collection script for UNIX-like systems.
Defender Dump (⭐ 15): Dump quarantined files from Windows Defender
Dfdewey (⭐ 14)
Ufdr2dir (⭐ 14): A script to convert a Cellebrite UFDR to the original file structure.
Iris Client (⭐ 13): Python client for DFIR-IRIS
Yara Rules (⭐ 13): Links to malware-related YARA rules
Simpleimager (⭐ 12): Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner
Osxripper (⭐ 12): Tool to rip system and user data from OSX and macOS
Packrat (⭐ 12): Live system forensic collector
Maldump (⭐ 12): Multi-quarantine extractor
Threathunting_with_osquery (⭐ 11): Threat Hunting & Incident Investigation with Osquery
Ansible Volatility (⭐ 10): An Ansible role for deploying the Volatility memory forensics framework.
Dfir (⭐ 9): This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
Annotationis (⭐ 9): Various notes/memoranda
Pythonforensics (⭐ 9): Jupyter Notebooks from Python as a Forensic Tool presentation
Chronos (⭐ 8): Python framework to parse logs for IR
Dfir.science (⭐ 8): The DFIR.Science research blog about digital forensic investigation.
Dfir (⭐ 7): Collection of popular DFIR tools in a lightweight and fast docker image
1-100 of 102 search results