Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

updated at April 16, 2024, 12:32 a.m.

13 +0

144 +0

29 +0

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

updated at April 25, 2024, 5:48 p.m.

10 +0

187 +0

18 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

updated at April 27, 2024, 8:49 a.m.

82 +0

596 +0

139 +0

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at April 27, 2024, 8:50 a.m.

17 +0

235 +0

50 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at April 27, 2024, 8:50 a.m.

143 +0

635 +0

59 +0

OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

updated at April 27, 2024, 4:08 p.m.

183 +0

3,130 +0

283 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at May 2, 2024, 7:34 a.m.

18 +0

234 +0

53 +0

mastiff by KoreLogicSecurity

Malware static analysis framework

updated at May 4, 2024, 9:59 p.m.

18 +0

173 +0

39 +0

playbooks by phantomcyber

Phantom Community Playbooks

updated at May 6, 2024, 8:19 a.m.

61 +0

453 +0

192 +1

dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

updated at May 7, 2024, 9:13 a.m.

10 +0

126 +0

15 +0

cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at May 7, 2024, 12:53 p.m.

6 +0

19 +0

7 +0

logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

updated at May 7, 2024, 8:16 p.m.

11 +0

138 +0

22 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at May 10, 2024, 7:34 a.m.

30 +0

328 +0

51 +0

SPECTR3 by alpine-sec

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

updated at May 10, 2024, 9:09 a.m.

4 +0

36 +0

3 +0

SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

updated at May 10, 2024, 10:48 a.m.

10 +0

310 +0

42 +1

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

updated at May 11, 2024, 9:15 p.m.

17 +0

678 +0

74 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at May 13, 2024, 6:36 a.m.

30 +0

649 +0

123 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

updated at May 13, 2024, 1:35 p.m.

57 +0

421 +0

97 +0

fileintel by keithjjones

A modular Python application to pull intelligence about malicious files

updated at May 14, 2024, 12:11 p.m.

17 +0

114 +0

25 +0

mutablesecurity by MutableSecurity

CLI program for automating the setup, configuration, and use of cybersecurity solutions

updated at May 14, 2024, 9:23 p.m.

1 +0

42 +0

7 +0