A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
created at Aug. 2, 2016, 9:01 p.m.
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
created at Feb. 8, 2018, 11:30 a.m.
DPS' Lightweight Investigation Notebook
created at Aug. 24, 2015, 2:53 p.m.
Investigate suspicious activity by visualizing Sysmon's event log
created at July 31, 2018, 11:25 p.m.
Cyber Incident Response Team Playbook Battle Cards
created at Oct. 27, 2019, 4:28 a.m.
A powerful and user-friendly browser extension that streamlines investigations for security professionals.
created at Jan. 3, 2023, 4:51 p.m.
$MFT directory tree reconstruction & FILE record info
created at Dec. 26, 2020, 2:28 a.m.
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
created at April 29, 2011, 4:37 a.m.
A framework for orchestrating forensic collection, processing and data export
created at July 29, 2016, 1:54 p.m.
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
created at Dec. 12, 2021, 11:37 p.m.
VolatilityBot – An automated memory analyzer for malware samples and memory dumps
created at Feb. 4, 2015, 3:13 p.m.
Web interface for the Volatility Memory Forensics Framework
created at April 14, 2015, 1:26 a.m.
A modular Python application to collect intelligence for malicious hosts.
created at Aug. 22, 2016, 8:25 p.m.