Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

created at June 9, 2020, 12:12 p.m.

41 +1

728 +1

78 +0

RegRipper3.0 by keydet89

RegRipper3.0

created at May 27, 2020, 3:24 p.m.

27 +0

493 +5

120 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

created at May 18, 2020, 2:01 p.m.

12 +0

203 +2

19 +0

Shuffle by Shuffle

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

created at May 7, 2020, 12:28 p.m.

34 +0

1,278 +5

302 +1

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

created at Jan. 8, 2020, 5:19 p.m.

27 +0

641 +3

104 +1

artifactcollector by forensicanalysis

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

created at Jan. 3, 2020, 3:16 p.m.

9 +0

243 +2

19 +0

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

created at Nov. 1, 2019, 4:45 a.m.

34 +0

723 +2

110 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

338 +1

59 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

64 -1

1,702 +11

381 +1

dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

created at Sept. 20, 2019, 9:30 a.m.

27 +0

358 +1

41 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

created at Sept. 5, 2019, 1:02 p.m.

30 +0

649 +1

123 +0

avml by Microsoft

AVML - Acquire Volatile Memory for Linux

created at June 6, 2019, 11:01 p.m.

32 +0

815 +3

75 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

471 +2

68 +0

EVTX-ATTACK-SAMPLES by sbousseaden

Windows Events Attack Samples

created at March 15, 2019, 8:45 a.m.

144 +0

2,137 +1

392 +0

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

1,026 +3

48,046 +100

5,564 +8

Hoarder by muteb

This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive.

created at Dec. 22, 2018, 8:23 p.m.

10 +0

187 +0

18 +0

MemProcFS by ufrisk

MemProcFS

created at Nov. 18, 2018, 6:19 p.m.

77 +1

2,687 +12

332 +1

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

25 +0

466 +1

75 +0

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

created at July 31, 2018, 11:25 p.m.

44 +0

409 +0

58 +0

spyre by spyre-project

simple YARA-based IOC scanner

created at May 28, 2018, 7:07 p.m.

12 +0

159 +0

27 +0