volatility3 by volatilityfoundation

Volatility 3.0 development

updated at April 28, 2024, 10:21 p.m.

55 -1

2,215 +12

367 +3

cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

updated at April 28, 2024, 10:12 p.m.

300 +1

15,022 +101

1,126 +5

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at April 28, 2024, 9:53 p.m.

370 +0

3,870 +7

795 +3

sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at April 28, 2024, 9:27 p.m.

164 +0

2,490 +4

565 -1

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

updated at April 28, 2024, 7:05 p.m.

49 +0

2,548 +7

227 +0

velociraptor by Velocidex

Digging Deeper....

updated at April 28, 2024, 5:52 p.m.

70 +0

2,660 +12

447 +1

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

updated at April 28, 2024, 5:06 p.m.

67 +0

1,017 +3

134 +0

plaso by log2timeline

Super timeline all the things

updated at April 28, 2024, 4:35 p.m.

92 +1

1,624 +6

324 +0

caldera by mitre

Automated Adversary Emulation Platform

updated at April 28, 2024, 3:38 p.m.

167 +0

5,180 +7

1,011 +4

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at April 28, 2024, 3:24 p.m.

64 +1

1,671 +13

378 +2

iris-web by dfir-iris

Collaborative Incident Response platform

updated at April 28, 2024, 2:54 p.m.

26 +0

935 +3

141 +2

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at April 28, 2024, 1:38 p.m.

78 +0

3,855 +13

491 -1

ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

updated at April 28, 2024, 1:19 p.m.

1,018 +1

47,712 +175

5,539 +6

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

updated at April 28, 2024, 1:09 p.m.

198 +0

5,861 +17

863 +4

MemProcFS by ufrisk

MemProcFS

updated at April 28, 2024, 12:41 p.m.

76 +0

2,654 +14

328 +0

uac by tclahr

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

updated at April 28, 2024, 12:25 p.m.

26 +0

620 +9

102 +1

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

updated at April 28, 2024, 12:01 p.m.

18 +0

855 +5

59 +1

Kuiper by DFIRKuiper

Digital Forensics Investigation Platform

updated at April 28, 2024, 11:59 a.m.

33 +0

722 +5

109 +1

DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

updated at April 28, 2024, 10:08 a.m.

122 +0

1,836 +5

500 -1

volatility by volatilityfoundation

An advanced memory forensics framework

updated at April 28, 2024, 9:56 a.m.

308 -1

6,931 +14

1,249 +2