munin by Neo23x0

Online hash checker for Virustotal and other services

created at Oct. 9, 2017, 11:04 a.m.

42 +0

809 +1

147 +1

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

created at Jan. 8, 2020, 5:19 p.m.

28 +0

797 +3

124 +0

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

created at Aug. 24, 2017, 3:37 p.m.

44 +0

782 +2

102 +2

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

created at Nov. 1, 2019, 4:45 a.m.

34 +0

769 +1

111 +0

Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

created at June 9, 2020, 12:12 p.m.

42 +0

766 +1

81 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

18 +0

763 +1

82 +0

zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

created at Oct. 20, 2015, 2:03 p.m.

32 +0

752 +1

82 +0

Fenrir by Neo23x0

Simple Bash IOC Scanner

created at Oct. 8, 2015, 3:55 a.m.

41 +0

697 +3

103 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

29 +0

681 +2

125 +0

Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

created at March 2, 2021, 11:17 p.m.

25 +0

680 +1

91 +0

CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

created at Jan. 30, 2016, 4:58 a.m.

75 +1

650 +5

148 +0

CyLR by orlikoski

CyLR - Live Response Collection Tool

created at Sept. 6, 2016, 10:14 p.m.

32 +0

645 +3

88 -1

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

144 -1

635 +1

59 +0

doorman by mwielgoszewski

an osquery fleet manager

created at April 22, 2016, 7:31 p.m.

33 +0

621 +1

90 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

created at July 6, 2016, 11:02 a.m.

82 +0

598 +0

125 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

created at Sept. 22, 2021, 3:36 p.m.

24 +0

586 +2

85 +0

RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

26 +0

557 +3

126 +3

Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

506 +1

126 +0

Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

created at Oct. 25, 2016, 2:57 p.m.

38 +0

491 +0

70 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

485 +2

67 +0