zentral by zentralopensource

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

updated at May 7, 2024, 12:57 a.m.

Python

31 +0

721 +1

82 +0

GitHub
bulk_extractor by simsong

This is the development tree. Production downloads are at:

updated at May 7, 2024, 1:56 a.m.

C++

74 +0

1,011 +1

180 +0

GitHub
dumpit-linux by MagnetForensics

Memory acquisition for Linux that makes sense.

updated at May 7, 2024, 9:13 a.m.

Rust

10 +0

126 +1

15 +0

GitHub
dfir-orc by DFIR-ORC

Forensics artefact collection tool for systems running Microsoft Windows

updated at May 7, 2024, 10:13 a.m.

C++

27 +0

357 +1

41 +0

GitHub
cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at May 7, 2024, 12:53 p.m.

Python

6 +0

19 +1

7 +0

GitHub
Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

updated at May 7, 2024, 8:04 p.m.

PowerShell

31 +0

423 +0

84 +0

GitHub
logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

updated at May 7, 2024, 8:16 p.m.

Python

11 +0

138 +1

22 +0

GitHub
artifactcollector by forensicanalysis

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

updated at May 7, 2024, 9:07 p.m.

Go

9 +0

241 +2

19 +1

GitHub
LiME by 504ensicsLabs

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

updated at May 8, 2024, 3:16 a.m.

C

81 +0

1,642 +3

330 -1

GitHub
Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

updated at May 8, 2024, 7:57 p.m.

JavaScript

34 +1

721 +1

110 +1

GitHub
security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

updated at May 8, 2024, 8:53 p.m.

Unknown languages

59 +0

844 +2

129 +0

GitHub
catalyst by SecurityBrewery

Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes

updated at May 9, 2024, 2:01 a.m.

Go

5 +0

272 +1

33 +1

GitHub
MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at May 9, 2024, 5:54 a.m.

PowerShell

13 +0

277 +1

30 +0

GitHub
PowerForensics by Invoke-IR

PowerForensics provides an all-in-one platform for live disk forensic analysis

updated at May 9, 2024, 10:36 a.m.

C#

159 +0

1,360 +1

276 +0

GitHub
APT-Hunter by ahmedkhlief

APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity

updated at May 9, 2024, 10:54 a.m.

Python

47 +0

1,153 +2

229 +1

GitHub
Raccine by Neo23x0

A Simple Ransomware Vaccine

updated at May 9, 2024, 5:16 p.m.

C++

43 +0

938 +1

123 +0

GitHub
hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

updated at May 9, 2024, 10:22 p.m.

Python

67 +0

1,021 +0

134 +0

GitHub
Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at May 10, 2024, 12:29 a.m.

JavaScript

40 +0

727 +1

78 +0

GitHub
CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, macOS, and Android devices

updated at May 10, 2024, 7:34 a.m.

Python

30 +0

328 +1

52 +0

GitHub
timesketch by google

Collaborative forensic timeline analysis

updated at May 10, 2024, 8:32 a.m.

Python

138 +1

2,497 +4

569 +1

GitHub