scot by sandialabs

Sandia Cyber Omni Tracker (SCOT)

created at Aug. 27, 2014, 8:24 p.m.

38 +0

242 +0

48 +0

artifactcollector by forensicanalysis

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

created at Jan. 3, 2020, 3:16 p.m.

9 +0

241 +2

19 +1

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

235 +0

50 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

18 +0

234 +0

53 +0

lorg by jensvoid

Apache Logfile Security Analyzer

created at June 20, 2013, 6:33 p.m.

42 +0

207 +0

50 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

created at May 18, 2020, 2:01 p.m.

12 +0

201 +11

19 +2

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

192 +0

50 +0

appcompatprocessor by mbevilacqua

"Evolving AppCompat/AmCache data analysis beyond grep"

created at April 2, 2017, 6:11 p.m.

17 +0

189 +1

26 +0

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

created at Dec. 22, 2018, 8:23 p.m.

10 +0

187 +0

18 +0

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

created at April 22, 2016, 1:25 a.m.

36 +0

183 +0

60 +0

AChoir by OMENScan

Windows Live Artifacts Acquisition Script

created at May 25, 2015, 7:48 p.m.

14 +0

176 +1

31 +0

mastiff by KoreLogicSecurity

Malware static analysis framework

created at July 15, 2014, 8:23 p.m.

18 +0

173 +0

39 +0

Fastir_Collector_Linux by SekoiaLab

None

created at Jan. 25, 2016, 2:10 p.m.

23 +0

165 +0

43 +0

spyre by spyre-project

simple YARA-based IOC scanner

created at May 28, 2018, 7:07 p.m.

12 +0

159 +0

27 +0

winreg-kb by libyal

Windows Registry Knowledge Base

created at Sept. 28, 2014, 5:15 a.m.

16 +0

151 +0

20 +0

Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

created at Jan. 14, 2018, 9:42 a.m.

13 +0

144 +0

29 +0

CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

created at Oct. 19, 2015, 3:50 p.m.

19 +0

140 +0

25 +0

logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

created at Feb. 19, 2017, 8:31 p.m.

11 +0

138 +1

22 +0

visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

created at Oct. 11, 2016, 3:33 p.m.

15 +0

134 +0

36 +0

dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

created at Oct. 9, 2022, 7:49 p.m.

10 +0

126 +1

15 +0