artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at Nov. 11, 2024, 9:28 p.m.

Python

74 +0

1,062 +1

206 +0

imagemounter by ralphje

Command line utility and Python package to ease the (un)mounting of forensic disk images

updated at Nov. 11, 2024, 9:11 p.m.

Python

13 +0

120 +0

35 -1

cuckoo-modified by spender-sandbox

Modified edition of cuckoo

updated at Nov. 11, 2024, 12:04 p.m.

Python

72 +0

395 +1

178 +0

doorman by mwielgoszewski

an osquery fleet manager

updated at Nov. 11, 2024, 10:40 a.m.

Python

33 +0

621 +1

90 +0

dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

updated at Nov. 11, 2024, 7:14 a.m.

Rust

10 +0

155 +2

18 +0

awesome-event-ids by stuhli

Collection of Event ID resources useful for Digital Forensics and Incident Response

updated at Nov. 11, 2024, 12:25 a.m.

Unknown languages

24 +0

586 +2

85 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at Nov. 9, 2024, 11:40 p.m.

Python

30 +0

334 +0

50 +0

logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

updated at Nov. 8, 2024, 5:21 p.m.

Python

11 +0

148 +0

23 +0

bitscout by vitaly-kamluk

Remote forensics meta tool

updated at Nov. 7, 2024, 5:01 p.m.

Shell

48 +0

462 +0

110 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

updated at Nov. 7, 2024, 6:55 a.m.

Python

17 +0

197 +0

25 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

updated at Nov. 6, 2024, 8:46 p.m.

C++

43 +0

944 +0

122 +0

osxcollector by Yelp

A forensic evidence collection & analysis toolkit for OS X

updated at Nov. 6, 2024, 2:25 p.m.

Python

125 +0

1,875 +0

243 +0

winreg-kb by libyal

Windows Registry Knowledge Base

updated at Nov. 6, 2024, 2:18 p.m.

Python

15 +0

162 +0

20 +0

RedHunt-OS by redhuntlabs

Virtual Machine for Adversary Emulation and Threat Hunting

updated at Nov. 6, 2024, 3:15 a.m.

Unknown languages

84 +0

1,247 +0

193 +0

OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

updated at Nov. 6, 2024, 2:24 a.m.

JavaScript

182 +0

3,128 +0

280 +0

SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

updated at Nov. 6, 2024, 1:20 a.m.

JavaScript

10 +0

338 +0

43 +0

acquire by fox-it

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

updated at Nov. 5, 2024, 6:53 a.m.

Python

15 +0

91 +0

26 +0

Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

updated at Nov. 4, 2024, 9:17 p.m.

Shell

38 +0

491 +0

70 +0

scot by sandialabs

Sandia Cyber Omni Tracker (SCOT)

updated at Nov. 4, 2024, 2:36 p.m.

JavaScript

37 +0

245 +0

48 +0

MozDef by mozilla

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform

updated at Nov. 2, 2024, 2:03 p.m.

Python

151 +0

2,168 +0

328 +0
