spyre by spyre-project
    simple YARA-based IOC scanner
    updated at Oct. 19, 2024, 2:56 p.m. | Go | 12 +0 | 164 +0 | 27 +0 | GitHub

rastrea2r by rastrea2r
    Collecting & Hunting for IOCs with gusto and style
    updated at Oct. 21, 2024, 7:56 a.m. | Python | 17 +0 | 238 +0 | 53 +0 | GitHub

mastiff by KoreLogicSecurity
    Malware static analysis framework
    updated at Oct. 21, 2024, 10:37 a.m. | Python | 18 +0 | 174 +0 | 40 +0 | GitHub

SysmonSearch by JPCERTCC
    Investigate suspicious activity by visualizing Sysmon's event log
    updated at Oct. 21, 2024, 10:37 a.m. | JavaScript | 43 +0 | 417 +0 | 58 +0 | GitHub

gsvsoc_cirt-playbook-battle-cards by guardsight
    Cyber Incident Response Team Playbook Battle Cards
    updated at Oct. 21, 2024, 2:10 p.m. | Unknown languages | 17 +0 | 360 +0 | 67 +1 | GitHub

domfind by diogo-fernan
    A Python DNS crawler to find identical domain names under different TLDs.
    updated at Oct. 22, 2024, 7:12 p.m. | Python | 4 +0 | 24 +0 | 3 +0 | GitHub

nightHawkResponse by biggiesmallsAG
    Incident Response Forensic Framework
    updated at Oct. 23, 2024, 6:23 p.m. | Go | 82 +0 | 598 +0 | 125 +0 | GitHub

threat_note by DefensePointSecurity
    DPS' Lightweight Investigation Notebook
    updated at Oct. 24, 2024, 2:56 a.m. | HTML | 57 +0 | 423 +0 | 97 +0 | GitHub

viper by viper-framework
    Binary analysis and management framework
    updated at Oct. 25, 2024, 1:49 a.m. | Python | 148 +0 | 1,539 +0 | 350 +0 | GitHub

SPECTR3 by alpine-sec
    Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.
    updated at Oct. 25, 2024, 7:56 a.m. | C# | 5 +0 | 37 +0 | 3 +0 | GitHub

MFT_Browser by kacos2000
    $MFT directory tree reconstruction & FILE record info
    updated at Oct. 29, 2024, 9:41 p.m. | PowerShell | 13 +0 | 292 +0 | 32 +0 | GitHub

falcon-orchestrator by CrowdStrike
    CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
    updated at Oct. 30, 2024, 3:26 p.m. | JavaScript | 35 +0 | 186 +0 | 54 +0 | GitHub

ir-rescue by diogo-fernan
    A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
    updated at Nov. 1, 2024, 5:08 p.m. | Batchfile | 44 +0 | 465 +0 | 95 +0 | GitHub

artifacts-kb by ForensicArtifacts
    Digital Forensics Artifacts Knowledge Base
    updated at Nov. 2, 2024, 12:41 a.m. | Python | 7 +0 | 75 +0 | 16 +0 | GitHub

MozDef by mozilla
    DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
    updated at Nov. 2, 2024, 2:03 p.m. | Python | 151 +0 | 2,168 +0 | 328 +0 | GitHub

scot by sandialabs
    Sandia Cyber Omni Tracker (SCOT)
    updated at Nov. 4, 2024, 2:36 p.m. | JavaScript | 37 +0 | 245 +0 | 48 +0 | GitHub

Skadi by orlikoski
    Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
    updated at Nov. 4, 2024, 9:17 p.m. | Shell | 38 +0 | 491 +0 | 70 +0 | GitHub

acquire by fox-it
    acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
    updated at Nov. 5, 2024, 6:53 a.m. | Python | 15 +0 | 91 +0 | 26 +0 | GitHub

SOC-Multitool by zdhenard42
    A powerful and user-friendly browser extension that streamlines investigations for security professionals.
    updated at Nov. 6, 2024, 1:20 a.m. | JavaScript | 10 +0 | 338 +0 | 43 +0 | GitHub

OSXAuditor by jipegit
    OS X Auditor is a free Mac OS X computer forensics tool
    updated at Nov. 6, 2024, 2:24 a.m. | JavaScript | 182 +0 | 3,128 +0 | 280 +0 | GitHub