cuckoo-modified by spender-sandbox

Modified edition of cuckoo

created at Nov. 30, 2015, 1:55 p.m.

72 +0

395 +1

178 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

created at Jan. 14, 2016, 4:48 p.m.

30 +0

334 +0

50 +0

Fastir_Collector_Linux by SekoiaLab

None

created at Jan. 25, 2016, 2:10 p.m.

23 +0

173 +1

42 +0

CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

created at Jan. 30, 2016, 4:58 a.m.

75 +1

650 +5

148 +0

IRM by certsocietegenerale

Incident Response Methodologies 2022

created at Feb. 29, 2016, 8:52 a.m.

44 +0

978 +4

160 +1

fibratus by rabbitstack

Adversary tradecraft detection, protection, and hunting

created at March 25, 2016, 11:28 a.m.

70 +0

2,210 +0

190 +0

awesome-forensics by cugu

⭐️ A curated list of awesome forensic analysis tools and resources

created at March 29, 2016, 8:54 p.m.

174 +0

3,995 +15

623 +0

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

created at April 22, 2016, 1:25 a.m.

35 +0

186 +0

54 +0

doorman by mwielgoszewski

an osquery fleet manager

created at April 22, 2016, 7:31 p.m.

33 +0

621 +1

90 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

created at July 6, 2016, 11:02 a.m.

82 +0

598 +0

125 +0

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

created at July 29, 2016, 1:54 p.m.

27 +0

296 -1

72 +0

ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

created at Aug. 2, 2016, 9:01 p.m.

44 +0

465 +0

95 +0

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

242 +1

50 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

created at Aug. 22, 2016, 8:25 p.m.

30 +0

262 +0

51 +0

fileintel by keithjjones

A modular Python application to pull intelligence about malicious files

created at Aug. 30, 2016, 5:35 p.m.

17 +0

118 +0

25 +0

CyLR by orlikoski

CyLR - Live Response Collection Tool

created at Sept. 6, 2016, 10:14 p.m.

32 +0

645 +3

88 -1

Panorama by AlmCo

Fast incident overview

created at Sept. 12, 2016, 8:35 p.m.

3 +0

39 +0

7 +0

cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

created at Sept. 25, 2016, 4:15 p.m.

6 +0

21 +0

7 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

created at Oct. 11, 2016, 3:33 p.m.

15 +0

137 +0

30 +0

Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

created at Oct. 25, 2016, 2:57 p.m.

38 +0

491 +0

70 +0