artifacts-kb by ForensicArtifacts

Digital Forensics Artifacts Knowledge Base

updated at Nov. 2, 2024, 12:41 a.m.

7 +0

75 +0

16 +0

ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

updated at Nov. 1, 2024, 5:08 p.m.

44 +0

465 +0

95 +0

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

updated at Oct. 30, 2024, 3:26 p.m.

35 +0

186 +0

54 +0

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at Oct. 29, 2024, 9:41 p.m.

13 +0

292 +0

32 +0

SPECTR3 by alpine-sec

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

updated at Oct. 25, 2024, 7:56 a.m.

5 +0

37 +0

3 +0

viper by viper-framework

Binary analysis and management framework

updated at Oct. 25, 2024, 1:49 a.m.

148 +0

1,539 +0

350 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

updated at Oct. 24, 2024, 2:56 a.m.

57 +0

423 +0

97 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

updated at Oct. 23, 2024, 6:23 p.m.

82 +0

598 +0

125 +0

domfind by diogo-fernan

A Python DNS crawler to find identical domain names under different TLDs.

updated at Oct. 22, 2024, 7:12 p.m.

4 +0

24 +0

3 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

updated at Oct. 21, 2024, 2:10 p.m.

17 +0

360 +0

67 +1

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

updated at Oct. 21, 2024, 10:37 a.m.

43 +0

417 +0

58 +0

mastiff by KoreLogicSecurity

Malware static analysis framework

updated at Oct. 21, 2024, 10:37 a.m.

18 +0

174 +0

40 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at Oct. 21, 2024, 7:56 a.m.

17 +0

238 +0

53 +0

spyre by spyre-project

simple YARA-based IOC scanner

updated at Oct. 19, 2024, 2:56 p.m.

12 +0

164 +0

27 +0

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

updated at Oct. 17, 2024, 7:23 a.m.

25 +0

482 +0

75 +0

traceroute-circl by CIRCL

Traceroute improved wrapper for CSIRT and CERT operators

updated at Oct. 9, 2024, 6:38 a.m.

16 +0

37 +0

9 +0

morgue by etsy

post mortem tracker

updated at Oct. 7, 2024, 11:23 p.m.

74 +0

1,017 +0

133 +0

lorg by jensvoid

Apache Logfile Security Analyzer

updated at Oct. 6, 2024, 11:03 p.m.

42 +0

209 +0

50 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

updated at Oct. 3, 2024, 5:12 a.m.

15 +0

137 +0

30 +0

cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at Oct. 3, 2024, 5:12 a.m.

6 +0

21 +0

7 +0