RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at Nov. 6, 2024, 3:15 a.m.

84 +0

1,247 +0

193 +0

winreg-kb by libyal

Windows Registry Knowledge Base

updated at Nov. 6, 2024, 2:18 p.m.

15 +0

162 +0

20 +0

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

updated at Nov. 6, 2024, 2:25 p.m.

125 +0

1,875 +0

243 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

updated at Nov. 6, 2024, 8:46 p.m.

43 +0

944 +0

122 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

updated at Nov. 7, 2024, 6:55 a.m.

17 +0

197 +0

25 +0

bitscout by vitaly-kamluk

Remote forensics meta tool

updated at Nov. 7, 2024, 5:01 p.m.

48 +0

462 +0

110 +0

logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

updated at Nov. 8, 2024, 5:21 p.m.

11 +0

148 +0

23 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at Nov. 9, 2024, 11:40 p.m.

30 +0

334 +0

50 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

updated at Nov. 11, 2024, 12:25 a.m.

24 +0

586 +2

85 +0

dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

updated at Nov. 11, 2024, 7:14 a.m.

10 +0

155 +2

18 +0

doorman by mwielgoszewski

an osquery fleet manager

updated at Nov. 11, 2024, 10:40 a.m.

33 +0

621 +1

90 +0

cuckoo-modified by spender-sandbox

Modified edition of cuckoo

updated at Nov. 11, 2024, 12:04 p.m.

72 +0

395 +1

178 +0

imagemounter by ralphje

Command line utility and Python package to ease the (un)mounting of forensic disk images

updated at Nov. 11, 2024, 9:11 p.m.

13 +0

120 +0

35 -1

artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at Nov. 11, 2024, 9:28 p.m.

74 +0

1,062 +1

206 +0

Fastir_Collector by SekoiaLab

None

updated at Nov. 11, 2024, 10 p.m.

63 +0

506 +1

126 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at Nov. 11, 2024, 10:34 p.m.

144 -1

635 +1

59 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at Nov. 12, 2024, 12:50 p.m.

25 +0

680 +1

91 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at Nov. 12, 2024, 1:17 p.m.

29 +0

681 +2

125 +0

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

updated at Nov. 12, 2024, 6:53 p.m.

34 +0

769 +1

111 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

updated at Nov. 13, 2024, 3:35 a.m.

42 +0

809 +1

147 +1