SPECTR3 by alpine-sec

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

created at May 4, 2023, 4:51 p.m.

5 +0

37 +0

3 +0

SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

created at Jan. 3, 2023, 4:51 p.m.

10 +0

338 +0

43 +0

dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

created at Oct. 9, 2022, 7:49 p.m.

10 +0

155 +2

18 +0

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

created at July 21, 2022, 8:26 a.m.

22 +0

924 +3

65 +1

acquire by fox-it

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

created at July 20, 2022, 1:09 p.m.

15 +0

91 +0

26 +0

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

22 +0

1,472 +8

100 +0

mutablesecurity by MutableSecurity

CLI program for automating the setup, configuration, and use of cybersecurity solutions

created at March 15, 2022, 11:25 a.m.

1 +0

43 +0

7 +0

iris-web by dfir-iris

Collaborative Incident Response platform

created at Dec. 20, 2021, 8:19 a.m.

28 +0

1,079 +5

184 +2

catalyst by SecurityBrewery

⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes

created at Dec. 12, 2021, 11:37 p.m.

7 +0

350 +4

37 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

24 +0

586 +2

85 +0

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

created at Aug. 13, 2021, 1:07 p.m.

53 +0

2,876 +12

264 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

18 +0

763 +1

82 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

25 +0

680 +1

91 +0

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

created at Dec. 26, 2020, 9:52 p.m.

47 +0

1,255 +3

239 +1

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

created at Dec. 26, 2020, 2:28 a.m.

13 +0

292 +0

32 +0

fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

created at Nov. 3, 2020, 10:17 p.m.

36 +2

3,119 +12

431 +4

Raccine by Neo23x0

A Simple Ransomware Vaccine

created at Oct. 3, 2020, 11:30 a.m.

43 +0

944 +0

122 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

47 +0

2,710 +5

363 +2

hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

created at Sept. 18, 2020, 5:04 a.m.

42 +1

2,305 +15

203 +0

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2