Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

506 +1

126 +0

RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

26 +0

557 +3

126 +3

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

29 +0

681 +2

125 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

created at July 6, 2016, 11:02 a.m.

82 +0

598 +0

125 +0

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

created at Jan. 8, 2020, 5:19 p.m.

28 +0

797 +3

124 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

created at Oct. 3, 2020, 11:30 a.m.

43 +0

944 +0

122 +0

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

created at Nov. 1, 2019, 4:45 a.m.

34 +0

769 +1

111 +0

bitscout by vitaly-kamluk

Remote forensics meta tool

created at June 30, 2017, 10:20 a.m.

48 +0

462 +0

110 +0

Fenrir by Neo23x0

Simple Bash IOC Scanner

created at Oct. 8, 2015, 3:55 a.m.

41 +0

697 +3

103 +0

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

created at Aug. 24, 2017, 3:37 p.m.

44 +0

782 +2

102 +2

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

created at July 3, 2022, 1:41 p.m.

22 +0

1,472 +8

100 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

57 +0

423 +0

97 +0

ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

created at Aug. 2, 2016, 9:01 p.m.

44 +0

465 +0

95 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

25 +0

680 +1

91 +0

doorman by mwielgoszewski

an osquery fleet manager

created at April 22, 2016, 7:31 p.m.

33 +0

621 +1

90 +0

CyLR by orlikoski

CyLR - Live Response Collection Tool

created at Sept. 6, 2016, 10:14 p.m.

32 +0

645 +3

88 -1

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

24 +0

586 +2

85 +0

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

created at Oct. 20, 2015, 2:03 p.m.

32 +0

752 +1

82 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

18 +0

763 +1

82 +0

Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

created at Feb. 8, 2018, 11:30 a.m.

31 +0

435 +0

82 +0