MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

updated at May 23, 2024, 7:16 a.m.

36 +0

472 +1

68 +0

dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

updated at May 23, 2024, 6:57 a.m.

27 +0

359 +1

41 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

updated at May 23, 2024, 2:17 a.m.

12 +0

205 +2

19 +0

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

updated at May 22, 2024, 9:09 p.m.

18 +0

866 +2

60 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

updated at May 22, 2024, 7:24 p.m.

17 +0

340 +2

61 +2

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

updated at May 22, 2024, 5:58 p.m.

144 +0

2,138 +1

392 +0

incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

updated at May 22, 2024, 1:30 p.m.

68 +0

1,011 +1

222 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

updated at May 22, 2024, 9:02 a.m.

43 +0

940 +2

123 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

updated at May 22, 2024, 7:34 a.m.

42 +0

800 +2

147 +0

viper by viper-framework

Binary analysis and management framework

updated at May 22, 2024, 6:44 a.m.

148 +1

1,534 +1

352 +0

AChoir by OMENScan

Windows Live Artifacts Acquisition Script

updated at May 22, 2024, 5:52 a.m.

14 +0

177 +1

31 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

updated at May 22, 2024, 2:57 a.m.

15 +0

135 +1

36 +0

RegRipper3.0 by keydet89

RegRipper3.0

updated at May 21, 2024, 11:30 a.m.

27 +0

496 +3

121 +1

PowerForensics by Invoke-IR

PowerForensics provides an all in one platform for live disk forensic analysis

updated at May 21, 2024, 8:16 a.m.

159 +0

1,361 +1

276 +0

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at May 21, 2024, 3:44 a.m.

84 -1

1,201 +1

184 +0

morgue by etsy

post mortem tracker

updated at May 21, 2024, 12:59 a.m.

75 +0

1,013 +1

132 +0

bitscout by vitaly-kamluk

Remote forensics meta tool

updated at May 20, 2024, 6:19 p.m.

49 +0

440 +1

107 +0

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

updated at May 20, 2024, 6:15 p.m.

125 +0

1,861 +1

240 +0

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

updated at May 20, 2024, 2:51 p.m.

44 +0

410 +1

58 +0

CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

updated at May 20, 2024, 1:19 p.m.

75 +0

635 +1

151 +0