🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
updated at May 24, 2024, 5:19 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at May 24, 2024, 3:34 p.m.
Investigate malicious Windows logon by visualizing and analyzing Windows event log
updated at May 24, 2024, 12:36 p.m.
Cuckoo Sandbox is an automated dynamic malware analysis system
updated at May 24, 2024, 9:54 a.m.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
updated at May 24, 2024, 8:44 a.m.
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
updated at May 24, 2024, 7 a.m.
A framework for orchestrating forensic collection, processing and data export
updated at May 24, 2024, 1:55 a.m.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
updated at May 23, 2024, 9:43 p.m.
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
updated at May 23, 2024, 1:45 p.m.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
updated at May 23, 2024, 11:19 a.m.
A collective list of public APIs for use in security. Contributions welcome
updated at May 23, 2024, 9:35 a.m.