Rapidly Search and Hunt through Windows Forensic Artefacts
created at Aug. 13, 2021, 1:07 p.m.
DPS' Lightweight Investigation Notebook
created at Aug. 24, 2015, 2:53 p.m.
A collective list of public APIs for use in security. Contributions welcome
created at Jan. 9, 2018, 7:58 p.m.
Malware Configuration And Payload Extraction
created at Oct. 15, 2019, 6:16 p.m.
Web browser forensics for Google Chrome/Chromium
created at May 22, 2014, 3:25 a.m.
PagerDuty's Incident Response Documentation.
created at Nov. 28, 2016, 5:58 p.m.
Adversary tradecraft detection, protection, and hunting
created at March 25, 2016, 11:28 a.m.
Digital Forensics artifact repository
created at Oct. 31, 2014, 7:13 p.m.
CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.
created at Jan. 30, 2016, 4:58 a.m.
An information security preparedness tool to do adversarial simulation.
created at Nov. 1, 2017, 9:24 p.m.
This is the development tree. Production downloads are at:
created at April 3, 2012, 4:36 a.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
created at Sept. 23, 2014, 4:23 p.m.
Incident Response Forensic Framework
created at July 6, 2016, 11:02 a.m.