fleet by fleetdm

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)

updated at Nov. 16, 2024, 5:22 p.m.

Go

36 +2

3,119 +12

431 +4

GitHub
LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

updated at Nov. 16, 2024, 6:08 p.m.

C

81 +0

1,724 +0

340 +1

GitHub
capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at Nov. 16, 2024, 7:08 p.m.

Python

82 +0

4,875 +18

560 +2

GitHub
dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

updated at Nov. 16, 2024, 8:31 p.m.

C++

26 -1

387 +1

42 +0

GitHub
RegRipper3.0 by keydet89

RegRipper3.0

updated at Nov. 16, 2024, 9:26 p.m.

Perl

26 +0

557 +3

126 +3

GitHub
APTSimulator by NextronSystems

A toolset to make a system look as if it was the victim of an APT attack

updated at Nov. 16, 2024, 9:46 p.m.

Batchfile

122 +0

2,469 +6

428 +0

GitHub
artifactcollector by forensicanalysis

🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

updated at Nov. 16, 2024, 10:08 p.m.

Go

8 +0

270 +2

21 +0

GitHub
hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

updated at Nov. 16, 2024, 10:13 p.m.

Python

67 +0

1,087 +5

142 +1

GitHub
CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enables incident response and hunting operations to be performed remotely across all versions of Windows.

updated at Nov. 16, 2024, 11:05 p.m.

PowerShell

75 +1

650 +5

148 +0

GitHub
bulk_extractor by simsong

This is the development tree. Production downloads are at:

updated at Nov. 17, 2024, 12:02 a.m.

C++

76 +0

1,115 +3

187 +0

GitHub
radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at Nov. 17, 2024, 1:24 a.m.

C

488 +1

20,710 +33

3,006 +3

GitHub
hayabusa by Yamato-Security

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

updated at Nov. 17, 2024, 1:36 a.m.

Rust

42 +1

2,305 +15

203 +0

GitHub
EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

updated at Nov. 17, 2024, 1:41 a.m.

HTML

143 -1

2,248 +3

398 +0

GitHub
iris-web by dfir-iris

Collaborative Incident Response platform

updated at Nov. 17, 2024, 3:38 a.m.

JavaScript

28 +0

1,079 +5

184 +2

GitHub
volatility by volatilityfoundation

An advanced memory forensics framework

updated at Nov. 17, 2024, 4:02 a.m.

Python

309 +0

7,349 +26

1,280 +2

GitHub
HELK by Cyb3rWard0g

The Hunting ELK

updated at Nov. 17, 2024, 5:31 a.m.

Jupyter Notebook

215 +0

3,768 +1

684 +1

GitHub
chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

updated at Nov. 17, 2024, 6:22 a.m.

Rust

53 +0

2,876 +12

264 +0

GitHub
flare-vm by mandiant

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

updated at Nov. 17, 2024, 7:42 a.m.

PowerShell

200 +0

6,588 +24

919 +2

GitHub
MemProcFS by ufrisk

MemProcFS

updated at Nov. 17, 2024, 8:23 a.m.

C

85 +1

3,115 +39

380 +5

GitHub
cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

updated at Nov. 17, 2024, 8:58 a.m.

C++

305 +0

15,885 +34

1,150 +0

GitHub