CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

created at Oct. 19, 2015, 3:50 p.m.

19 +0

140 +0

25 +0

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

created at July 21, 2022, 8:26 a.m.

19 +0

880 +3

61 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

18 +0

235 +0

53 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

18 +1

726 +19

77 +2

mastiff by KoreLogicSecurity

Malware static analysis framework

created at July 15, 2014, 8:23 p.m.

18 +0

173 +0

39 +0

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

236 +0

51 +1

fileintel by keithjjones

A modular Python application to pull intelligence about malicious files

created at Aug. 30, 2016, 5:35 p.m.

17 +0

115 +1

25 +0

IRTriage by AJMartel

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

created at Sept. 4, 2015, 8:51 a.m.

17 +0

125 +1

26 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

created at April 2, 2017, 6:11 p.m.

17 +0

190 +0

26 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

345 +1

63 +1

traceroute-circl by CIRCL

Traceroute improved wrapper for CSIRT and CERT operators

created at Dec. 5, 2010, 3:08 p.m.

16 +0

36 +0

9 +0

winreg-kb by libyal

Windows Registry Knowledge Base

created at Sept. 28, 2014, 5:15 a.m.

16 +0

153 +1

19 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

created at Oct. 11, 2016, 3:33 p.m.

15 +0

136 +0

36 +0

PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

created at Sept. 14, 2017, 9:15 a.m.

15 +0

36 +0

6 +0

AChoir by OMENScan

Windows Live Artifacts Acquisition Script

created at May 25, 2015, 7:48 p.m.

14 +0

177 +0

31 +0

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

created at Dec. 26, 2020, 2:28 a.m.

13 +0

281 +0

31 +0

Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

created at Jan. 14, 2018, 9:42 a.m.

13 +0

145 +0

29 +0

imagemounter by ralphje

Command line utility and Python package to ease the (un)mounting of forensic disk images

created at Feb. 3, 2014, 10:27 a.m.

13 +0

114 +0

36 +0

spyre by spyre-project

simple YARA-based IOC scanner

created at May 28, 2018, 7:07 p.m.

12 +0

159 +0

27 +0

acquire by fox-it

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

created at July 20, 2022, 1:09 p.m.

12 +0

79 +1

18 +0