morgue by etsy

post mortem tracker

created at Oct. 17, 2013, 5:16 a.m.

74 +0

1,017 +0

133 +0

incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

created at Nov. 28, 2016, 5:58 p.m.

68 +0

1,022 +1

224 -1

RTA by endgameinc

None

created at March 19, 2018, 7:59 p.m.

96 +0

1,050 +1

212 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

74 +0

1,062 +1

206 +0

iris-web by dfir-iris

Collaborative Incident Response platform

created at Dec. 20, 2021, 8:19 a.m.

28 +0

1,079 +5

184 +2

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

created at May 22, 2014, 3:25 a.m.

67 +0

1,087 +5

142 +1

metta by uber-common

An information security preparedness tool to do adversarial simulation.

created at Nov. 1, 2017, 9:24 p.m.

75 +0

1,101 +3

151 +0

bulk_extractor by simsong

This is the development tree. Production downloads are at:

created at April 3, 2012, 4:36 a.m.

76 +0

1,115 +3

187 +0

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

created at March 14, 2018, 7:31 p.m.

84 +0

1,247 +0

193 +0

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

created at Dec. 26, 2020, 9:52 p.m.

47 +0

1,255 +3

239 +1

flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

created at Jan. 10, 2018, 12:31 p.m.

35 +0

1,260 +3

132 +0

PowerForensics by Invoke-IR

PowerForensics provides an all in one platform for live disk forensic analysis

created at March 7, 2015, 5:12 p.m.

158 +0

1,385 -1

274 +0

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

22 +0

1,472 +8

100 +0

viper by viper-framework

Binary analysis and management framework

created at Nov. 9, 2013, 6:24 p.m.

148 +0

1,539 +0

350 +0

LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

created at Sept. 23, 2014, 4:23 p.m.

81 +0

1,724 +0

340 +1

plaso by log2timeline

Super timeline all the things

created at Sept. 8, 2014, 11:29 p.m.

94 +1

1,734 +2

352 +1

Shuffle by Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

created at May 7, 2020, 12:28 p.m.

41 +0

1,743 +4

336 +0

stenographer by google

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com

created at Oct. 13, 2014, 9:26 p.m.

101 +0

1,790 +2

238 +0

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

created at Aug. 4, 2014, 6:25 p.m.

125 +0

1,875 +0

243 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

2,011 +14

425 +0