A toolset to make a system look as if it were the victim of an APT attack
updated at June 13, 2024, 7:58 a.m.
Remote Memory Acquisition Tool
updated at June 13, 2024, 5:24 a.m.
PowerForensics provides an all-in-one platform for live disk forensic analysis
updated at June 13, 2024, 12:03 a.m.
Windows Events Attack Samples
updated at June 12, 2024, 8:26 p.m.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
updated at June 12, 2024, 6:24 p.m.
An information security preparedness tool to do adversarial simulation.
updated at June 12, 2024, 3:35 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM) that allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes interaction between user-space and kernel-space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
updated at June 12, 2024, 3:32 p.m.
A framework for orchestrating forensic collection, processing and data export
updated at June 12, 2024, 12:42 a.m.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
updated at June 11, 2024, 6:33 p.m.
Catalyst is an open source SOAR and ticket system that helps automate alert handling and incident response processes
updated at June 11, 2024, 10:16 a.m.
A forensic evidence collection & analysis toolkit for OS X
updated at June 11, 2024, 10:08 a.m.
Investigate malicious Windows logons by visualizing and analyzing Windows event logs
updated at June 10, 2024, 11:29 p.m.
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
updated at June 9, 2024, 1:47 p.m.
CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows.
updated at June 9, 2024, 2:44 a.m.