rastrea2r by rastrea2r
Collecting & Hunting for IOCs with gusto and style
updated at June 8, 2024, 12:38 a.m. | Python | 18 / 235 / 53 | GitHub

CDQR by orlikoski
The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, macOS, and Android devices
updated at June 7, 2024, 2:26 p.m. | Python | 30 / 329 / 51 | GitHub

MFT_Browser by kacos2000
$MFT directory tree reconstruction & FILE record info
updated at June 6, 2024, 8:43 p.m. | PowerShell | 13 / 281 / 31 | GitHub

sqhunter by 0x4D31
A simple threat hunting tool based on osquery, Salt Open and the Cymon API
updated at June 5, 2024, 10:28 p.m. | Python | 12 / 66 / 15 | GitHub

threat_note by DefensePointSecurity
DPS' Lightweight Investigation Notebook
updated at June 5, 2024, 9:53 p.m. | HTML | 57 / 423 / 97 | GitHub

munin by Neo23x0
Online hash checker for VirusTotal and other services
updated at June 3, 2024, 3:58 p.m. | Python | 42 / 801 / 149 | GitHub

Meerkat by TonyPhipps
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
updated at June 3, 2024, 2:38 p.m. | PowerShell | 31 / 427 / 84 | GitHub

imagemounter by ralphje
Command line utility and Python package to ease the (un)mounting of forensic disk images
updated at June 2, 2024, 4:32 p.m. | Python | 13 / 114 / 36 | GitHub

falcon-orchestrator by CrowdStrike
CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
updated at June 2, 2024, 11:11 a.m. | JavaScript | 36 / 184 / 60 | GitHub

dfirtrack by dfirtrack
DFIRTrack - The Incident Response Tracking Application
updated at May 31, 2024, 11:57 a.m. | Python | 25 / 468 / 75 | GitHub

SysmonSearch by JPCERTCC
Investigate suspicious activity by visualizing Sysmon's event log
updated at May 31, 2024, 11:57 a.m. | JavaScript | 43 / 412 / 58 | GitHub

viper by viper-framework
Binary analysis and management framework
updated at May 31, 2024, 10:41 a.m. | Python | 148 / 1,535 / 353 | GitHub

domfind by diogo-fernan
A Python DNS crawler to find identical domain names under different TLDs.
updated at May 30, 2024, 8:42 a.m. | Python | 4 / 21 / 3 | GitHub

Hoarder by muteb
This script collects the most valuable artifacts for a forensics or incident response investigation rather than imaging the whole hard drive.
updated at May 29, 2024, 10:36 a.m. | Python | 10 / 189 / 18 | GitHub

Fastir_Collector by SekoiaLab
(no description provided)
updated at May 27, 2024, 11:52 a.m. | Python | 63 / 504 / 127 | GitHub

inVtero.net by ShaneK2
inVtero.net: high-speed (Gbps) forensics, memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/extract processes and hypervisors (including nested ones) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques
updated at May 27, 2024, 11:51 a.m. | C# | 31 / 277 / 57 | GitHub

visualize_logs by keithjjones
A Python library and command line tools to provide interactive log visualization.
updated at May 27, 2024, 7:14 a.m. | HTML | 15 / 136 / 36 | GitHub

AChoir by OMENScan
Windows Live Artifacts Acquisition Script
updated at May 22, 2024, 5:52 a.m. | C++ | 14 / 177 / 31 | GitHub

appcompatprocessor by mbevilacqua
"Evolving AppCompat/AmCache data analysis beyond grep"
updated at May 16, 2024, 1:39 p.m. | Python | 17 / 190 / 26 | GitHub

mutablesecurity by MutableSecurity
CLI program for automating the setup, configuration, and use of cybersecurity solutions
updated at May 14, 2024, 9:23 p.m. | Python | 1 / 42 / 7 | GitHub