capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

79 +0

3,912 +15

494 +0

sysmon-config by SwiftOnSecurity

Sysmon configuration file template with default high-quality event tracing

created at Feb. 1, 2017, 6:49 p.m.

357 +0

4,601 +7

1,674 +3

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

55 +0

2,270 +18

373 +2

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

73 +0

994 +3

203 -1

sysmon-modular by olafhartong

A repository of sysmon configuration modules

created at Jan. 13, 2018, 9:20 p.m.

164 +0

2,504 +2

568 +0

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

created at Dec. 22, 2018, 8:23 p.m.

10 +0

187 +0

18 +0

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

created at Nov. 1, 2019, 4:45 a.m.

34 +0

723 +0

110 +0

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

72 +2

2,716 +13

454 +2

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

144 +0

2,138 +1

392 +0

spyre by spyre-project

simple YARA-based IOC scanner

created at May 28, 2018, 7:07 p.m.

12 +0

160 +1

27 +0

artifacts-kb by ForensicArtifacts

Digital Forensics Artifacts Knowledge Base

created at Jan. 17, 2018, 7:31 p.m.

8 +0

68 +0

15 +0

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

created at March 28, 2017, 3:07 a.m.

369 -1

3,884 +7

796 +0

winreg-kb by libyal

Windows Registry Knowledge Base

created at Sept. 28, 2014, 5:15 a.m.

16 +0

151 +0

20 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

created at Oct. 3, 2020, 11:30 a.m.

43 +0

940 +2

123 +0

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

45 +0

2,474 +7

327 -3

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

created at July 29, 2016, 1:54 p.m.

25 +0

278 +0

69 +0

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

created at May 8, 2015, 11:21 a.m.

122 +0

1,858 +11

503 +1

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

created at Dec. 26, 2020, 2:28 a.m.

13 +0

280 +0

30 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

24 +0

549 +2

82 +0

catalyst by SecurityBrewery

Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes

created at Dec. 12, 2021, 11:37 p.m.

5 +0

276 +2

34 +0