awesome-forensics by cugu

⭐️ A curated list of awesome forensic analysis tools and resources

created at March 29, 2016, 8:54 p.m.

Unknown languages

174 +0

3,995 +15

623 +0

GitHub
HELK by Cyb3rWard0g

The Hunting ELK

created at March 14, 2017, 7:14 p.m.

Jupyter Notebook

215 +0

3,768 +1

684 +1

GitHub
grr by google

GRR Rapid Response: remote live forensics for incident response

created at Dec. 4, 2013, 12:17 a.m.

Python

316 +1

4,783 +9

763 +2

GitHub
ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

created at March 28, 2017, 3:07 a.m.

Python

372 +0

4,023 +5

807 -1

GitHub
flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

created at July 5, 2017, 9:17 p.m.

PowerShell

200 +0

6,588 +24

919 +2

GitHub
caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

Python

171 +1

5,655 +17

1,074 +2

GitHub
cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

created at Sept. 25, 2017, 9:50 a.m.

C++

305 +0

15,885 +34

1,150 +0

GitHub
volatility by volatilityfoundation

An advanced memory forensics framework

created at April 24, 2014, 3:45 p.m.

Python

309 +0

7,349 +26

1,280 +2

GitHub
cuckoo by cuckoosandbox

Cuckoo Sandbox is an automated dynamic malware analysis system

created at Sept. 7, 2011, 12:12 p.m.

JavaScript

436 +0

5,564 +7

1,705 +1

GitHub
sysmon-config by SwiftOnSecurity

Sysmon configuration file template with default high-quality event tracing

created at Feb. 1, 2017, 6:49 p.m.

Unknown languages

356 +0

4,808 +9

1,707 -1

GitHub
sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

Python

346 +1

8,369 +32

2,198 -2

GitHub
atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

created at Oct. 11, 2017, 5:23 p.m.

C

352 -1

9,789 +25

2,803 +2

GitHub
radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

C

488 +1

20,710 +33

3,006 +3

GitHub
ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

Java

1,037 +4

51,864 +241

5,893 +20

GitHub