avml by Microsoft

AVML - Acquire Volatile Memory for Linux

created at June 6, 2019, 11:01 p.m.

32 +0

812 +4

75 +0

dfirtrack by dfirtrack

DFIRTrack - The Incident Response Tracking Application

created at Nov. 11, 2018, 10:14 p.m.

25 +0

465 +1

75 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

created at May 13, 2021, 10:33 p.m.

17 +1

678 +0

74 +0

MalConfScan by JPCERTCC

Volatility plugin for extracts configuration data of known malware

created at April 22, 2019, 12:23 a.m.

36 +0

469 +1

68 +0

Skadi by orlikoski

Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux

created at Oct. 25, 2016, 2:57 p.m.

37 +0

479 +0

68 +0

dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

created at July 29, 2016, 1:54 p.m.

25 +0

276 +3

67 +0

AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

created at Sept. 7, 2017, 6:25 a.m.

24 +0

244 +0

64 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

created at May 1, 2018, 10:11 p.m.

143 +0

635 +0

60 +0

falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

created at April 22, 2016, 1:25 a.m.

36 +0

183 +0

60 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

created at Oct. 27, 2019, 4:28 a.m.

17 +0

337 +3

59 +1

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

created at July 21, 2022, 8:26 a.m.

18 +0

859 +1

59 +0

VolatilityBot by mkorman90

VolatilityBot – An automated memory analyzer for malware samples and memory dumps

created at Feb. 4, 2015, 3:13 p.m.

27 +0

259 +0

59 +0

SysmonSearch by JPCERTCC

Investigate suspicious activity by visualizing Sysmon's event log

created at July 31, 2018, 11:25 p.m.

44 +0

409 +0

58 +0

inVtero.net by ShaneK2

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques

created at April 29, 2011, 4:37 a.m.

31 +0

276 +0

57 +0

rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

created at May 1, 2018, 6:21 p.m.

18 +0

234 +0

53 +0

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

created at Jan. 14, 2016, 4:48 p.m.

30 +0

328 +1

52 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

created at Aug. 22, 2016, 8:25 p.m.

30 +0

258 +0

52 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

created at April 19, 2015, 12:30 a.m.

28 +0

192 +0

50 +0

lorg by jensvoid

Apache Logfile Security Analyzer

created at June 20, 2013, 6:33 p.m.

42 +0

207 +0

50 +0

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

created at Aug. 9, 2016, 5:39 p.m.

17 +0

235 +0

50 +0