Tools for the Computer Incident Response Team
created at Oct. 19, 2015, 3:50 p.m.
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
created at May 13, 2021, 10:33 p.m.
Remote Memory Acquisition Tool
created at Aug. 9, 2016, 5:39 p.m.
A modular Python application to pull intelligence about malicious files
created at Aug. 30, 2016, 5:35 p.m.
"Evolving AppCompat/AmCache data analysis beyond grep"
created at April 2, 2017, 6:11 p.m.
Cyber Incident Response Team Playbook Battle Cards
created at Oct. 27, 2019, 4:28 a.m.
Traceroute improved wrapper for CSIRT and CERT operators
created at Dec. 5, 2010, 3:08 p.m.
A Python library and command line tools to provide interactive log visualization.
created at Oct. 11, 2016, 3:33 p.m.
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
created at Sept. 14, 2017, 9:15 a.m.
$MFT directory tree reconstruction & FILE record info
created at Dec. 26, 2020, 2:28 a.m.
Command line utility and Python package to ease the (un)mounting of forensic disk images
created at Feb. 3, 2014, 10:27 a.m.