hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

created at May 22, 2014, 3:25 a.m.

67 +0

1,021 +0

134 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

73 -1

985 +1

202 +0

DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

created at Oct. 5, 2017, 11:44 p.m.

50 +0

967 +0

148 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

created at Oct. 9, 2017, 11:04 a.m.

42 +0

797 +0

147 +0

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

created at Oct. 20, 2015, 2:03 p.m.

31 +0

721 +1

82 +0

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

created at Aug. 24, 2017, 3:37 p.m.

44 +0

719 +1

99 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

30 +0

648 +2

123 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

143 +0

635 +0

60 +0

doorman by mwielgoszewski

an osquery fleet manager

created at April 22, 2016, 7:31 p.m.

33 +0

616 +0

95 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

24 +0

601 +3

84 +0

Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

502 +0

128 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

469 +1

68 +0

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

25 +0

465 +1

75 +0

playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

61 +0

453 +1

191 +1

cuckoo-modified by spender-sandbox

Modified edition of cuckoo

created at Nov. 30, 2015, 1:55 p.m.

72 +0

388 +0

178 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

created at Jan. 14, 2016, 4:48 p.m.

30 +0

328 +1

52 +0

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

created at July 29, 2016, 1:54 p.m.

25 +0

276 +3

67 +0

VolatilityBot by mkorman90

VolatilityBot – An automated memory analyzer for malware samples and memory dumps

created at Feb. 4, 2015, 3:13 p.m.

27 +0

259 +0

59 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

created at Aug. 22, 2016, 8:25 p.m.

30 +0

258 +0

52 +0

AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

created at Sept. 7, 2017, 6:25 a.m.

24 +0

244 +0

64 +0