LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

created at Sept. 23, 2014, 4:23 p.m.

81 +0

1,724 +0

340 +1

winreg-kb by libyal

Windows Registry Knowledge Base

created at Sept. 28, 2014, 5:15 a.m.

15 +0

162 +0

20 +0

stenographer by google

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

created at Oct. 13, 2014, 9:26 p.m.

101 +0

1,790 +2

238 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

74 +0

1,062 +1

206 +0

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

184 +0

3,402 +7

583 +0

VolatilityBot by mkorman90

VolatilityBot – An automated memory analyzer for malware samples and memory dumps

created at Feb. 4, 2015, 3:13 p.m.

27 +0

263 +0

59 +0

PowerForensics by Invoke-IR

PowerForensics provides an all in one platform for live disk forensic analysis

created at March 7, 2015, 5:12 p.m.

158 +0

1,385 -1

274 +0

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

created at March 24, 2015, 8:15 p.m.

301 +0

3,076 +3

522 +1

evolve by JamesHabben

Web interface for the Volatility Memory Forensics Framework

created at April 14, 2015, 1:26 a.m.

38 +0

259 +0

42 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

193 +1

50 +0

domfind by diogo-fernan

A Python DNS crawler to find identical domain names under different TLDs.

created at April 24, 2015, 10:18 a.m.

4 +0

24 +0

3 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

127 +0

2,023 +8

531 +2

AChoir by OMENScan

Windows Live Artifacts Acquisition Script

created at May 25, 2015, 7:48 p.m.

13 +0

183 +0

29 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

57 +0

423 +0

97 +0

playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

63 +0

472 +0

201 +0

IRTriage by AJMartel

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

created at Sept. 4, 2015, 8:51 a.m.

17 +0

130 +0

23 +0

Fenrir by Neo23x0

Simple Bash IOC Scanner

created at Oct. 8, 2015, 3:55 a.m.

41 +0

697 +3

103 +0

CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

created at Oct. 19, 2015, 3:50 p.m.

20 +0

142 +0

25 +0

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

created at Oct. 20, 2015, 2:03 p.m.

32 +0

752 +1

82 +0

Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

506 +1

126 +0