flightsim by alphasoc

A utility to safely generate malicious network traffic patterns and evaluate controls.

updated at May 11, 2024, 6:19 a.m.

35 +0

1,188 +2

128 +0

orochi by LDO-CERT

The Volatility Collaborative GUI

updated at May 11, 2024, 5:48 a.m.

12 +0

201 +11

19 +2

LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at May 11, 2024, 5:23 a.m.

136 +0

2,633 +3

441 +1

grr by google

GRR Rapid Response: remote live forensics for incident response

updated at May 11, 2024, 3:25 a.m.

316 +0

4,656 +2

760 +1

iris-web by dfir-iris

Collaborative Incident Response platform

updated at May 11, 2024, 1:19 a.m.

26 +0

942 +3

142 +1

RTA by endgameinc

None

updated at May 11, 2024, 1:09 a.m.

98 +0

1,035 +1

213 +0

gsvsoc_cirt-playbook-battle-cards by guardsight

Cyber Incident Response Team Playbook Battle Cards

updated at May 10, 2024, 4:25 p.m.

17 +0

337 +3

59 +1

matano by matanolabs

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

updated at May 10, 2024, 3:45 p.m.

20 +0

1,359 +2

89 +2

avml by Microsoft

AVML - Acquire Volatile Memory for Linux

updated at May 10, 2024, 2:28 p.m.

32 +0

812 +4

75 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at May 10, 2024, 1:23 p.m.

30 +0

648 +2

123 +0

SOC-Multitool by zdhenard42

A powerful and user-friendly browser extension that streamlines investigations for security professionals.

updated at May 10, 2024, 10:48 a.m.

10 +0

310 +1

41 +0

IRM by certsocietegenerale

Incident Response Methodologies 2022

updated at May 10, 2024, 10:47 a.m.

42 +0

882 +3

136 +1

dissect by fox-it

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

updated at May 10, 2024, 10:46 a.m.

18 +0

859 +1

59 +0

awesome-event-ids by stuhli

Collection of Event ID ressources useful for Digital Forensics and Incident Response

updated at May 10, 2024, 10:42 a.m.

24 +0

540 +1

83 +0

SPECTR3 by alpine-sec

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

updated at May 10, 2024, 9:09 a.m.

4 +0

36 +3

3 +0

timesketch by google

Collaborative forensic timeline analysis

updated at May 10, 2024, 8:32 a.m.

138 +1

2,497 +4

569 +1

CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at May 10, 2024, 7:34 a.m.

30 +0

328 +1

52 +0

Aurora-Incident-Response by cyb3rfox

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

updated at May 10, 2024, 12:29 a.m.

40 +0

727 +1

78 +0

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

updated at May 9, 2024, 10:22 p.m.

67 +0

1,021 +0

134 +0

Raccine by Neo23x0

A Simple Ransomware Vaccine

updated at May 9, 2024, 5:16 p.m.

43 +0

938 +1

123 +0