dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

created at July 29, 2016, 1:54 p.m.

Python

27 +0

296 -1

72 +0

GitHub
CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

created at Jan. 14, 2016, 4:48 p.m.

Python

30 +0

334 +0

50 +0

GitHub
SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

created at Jan. 3, 2023, 4:51 p.m.

JavaScript

10 +0

338 +0

43 +0

GitHub
catalyst by SecurityBrewery

⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident response processes

created at Dec. 12, 2021, 11:37 p.m.

Vue

7 +0

350 +4

37 +0

GitHub
gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

Unknown languages

17 +0

360 +0

67 +1

GitHub
dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

created at Sept. 20, 2019, 9:30 a.m.

C++

26 -1

387 +1

42 +0

GitHub
cuckoo-modified by spender-sandbox

Modified edition of cuckoo

created at Nov. 30, 2015, 1:55 p.m.

Python

72 +0

395 +1

178 +0

GitHub
SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

created at July 31, 2018, 11:25 p.m.

JavaScript

43 +0

417 +0

58 +0

GitHub
threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

HTML

57 +0

423 +0

97 +0

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

created at Feb. 8, 2018, 11:30 a.m.

PowerShell

31 +0

435 +0

82 +0

GitHub
bitscout by vitaly-kamluk

Remote forensics meta tool

created at June 30, 2017, 10:20 a.m.

Shell

48 +0

462 +0

110 +0

GitHub
ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

created at Aug. 2, 2016, 9:01 p.m.

Batchfile

44 +0

465 +0

95 +0

GitHub
playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

Python

63 +0

472 +0

201 +0

GitHub
dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

Python

25 +0

482 +0

75 +0

GitHub
MalConfScan by JPCERTCC

Volatility plugin that extracts configuration data from known malware

created at April 22, 2019, 12:23 a.m.

Python

36 +0

485 +2

67 +0

GitHub
Skadi by orlikoski

Collect, Process, and Hunt with host-based data from MacOS, Windows, and Linux

created at Oct. 25, 2016, 2:57 p.m.

Shell

38 +0

491 +0

70 +0

GitHub
Fastir_Collector by SekoiaLab


created at Oct. 23, 2015, 9:18 a.m.

Python

63 +0

506 +1

126 +0

GitHub
RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

Perl

26 +0

557 +3

126 +3

GitHub
awesome-event-ids by stuhli

Collection of Event ID resources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

Unknown languages

24 +0

586 +2

85 +0

GitHub
nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

created at July 6, 2016, 11:02 a.m.

Go

82 +0

598 +0

125 +0

GitHub