Investigate malicious Windows logon by visualizing and analyzing Windows event log
created at Nov. 24, 2017, 6:07 a.m.
Rapidly Search and Hunt through Windows Forensic Artefacts
created at Aug. 13, 2021, 1:07 p.m.
A repository of sysmon configuration modules
created at Jan. 13, 2018, 9:20 p.m.
A toolset to make a system look as if it was the victim of an APT attack
created at Feb. 3, 2018, 2:19 p.m.
Windows Events Attack Samples
created at March 15, 2019, 8:45 a.m.
A modern tool for Windows kernel exploration and tracing with a focus on security
created at March 25, 2016, 11:28 a.m.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
created at Sept. 18, 2020, 5:04 a.m.
A forensic evidence collection & analysis toolkit for OS X
created at Aug. 4, 2014, 6:25 p.m.
Please no pull requests for this repository. Thanks!
created at May 8, 2015, 11:21 a.m.
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
created at Oct. 13, 2014, 9:26 p.m.
Malware Configuration And Payload Extraction
created at Oct. 15, 2019, 6:16 p.m.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
created at Sept. 23, 2014, 4:23 p.m.
Binary analysis and management framework
created at Nov. 9, 2013, 6:24 p.m.