rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at June 8, 2024, 12:38 a.m.

18 +0

235 +0

53 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at June 7, 2024, 2:26 p.m.

30 +0

329 +0

51 +0

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at June 6, 2024, 8:43 p.m.

13 +0

281 +0

31 +0

sqhunter by 0x4D31

A simple threat hunting tool based on osquery, Salt Open and Cymon API

updated at June 5, 2024, 10:28 p.m.

12 +0

66 +0

15 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

updated at June 5, 2024, 9:53 p.m.

57 +0

423 +0

97 +0

munin by Neo23x0

Online hash checker for Virustotal and other services

updated at June 3, 2024, 3:58 p.m.

42 +0

801 +0

149 +0

Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

updated at June 3, 2024, 2:38 p.m.

31 +0

427 +0

84 +0

imagemounter by ralphje

Command line utility and Python package to ease the (un)mounting of forensic disk images

updated at June 2, 2024, 4:32 p.m.

13 +0

114 +0

36 +0

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

updated at June 2, 2024, 11:11 a.m.

36 +0

184 +0

60 +0

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

updated at May 31, 2024, 11:57 a.m.

25 +0

468 +0

75 +0

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

updated at May 31, 2024, 11:57 a.m.

43 +0

412 +0

58 +0

viper by viper-framework

Binary analysis and management framework

updated at May 31, 2024, 10:41 a.m.

148 +0

1,535 +0

353 +0

domfind by diogo-fernan

A Python DNS crawler to find identical domain names under different TLDs.

updated at May 30, 2024, 8:42 a.m.

4 +0

21 +0

3 +0

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

updated at May 29, 2024, 10:36 a.m.

10 +0

189 +0

18 +0

Fastir_Collector by SekoiaLab

None

updated at May 27, 2024, 11:52 a.m.

63 +0

504 +0

127 +0

inVtero.net by ShaneK2

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques

updated at May 27, 2024, 11:51 a.m.

31 +0

277 +0

57 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

updated at May 27, 2024, 7:14 a.m.

15 +0

136 +0

36 +0

AChoir by OMENScan

Windows Live Artifacts Acquisition Script

updated at May 22, 2024, 5:52 a.m.

14 +0

177 +0

31 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

updated at May 16, 2024, 1:39 p.m.

17 +0

190 +0

26 +0

mutablesecurity by MutableSecurity

CLI program for automating the setup, configuration, and use of cybersecurity solutions

updated at May 14, 2024, 9:23 p.m.

1 +0

42 +0

7 +0