"Evolving AppCompat/AmCache data analysis beyond grep"
updated at May 5, 2024, 5:56 p.m.
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
updated at May 2, 2024, 10:25 a.m.
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
updated at April 30, 2024, 7:23 p.m.
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.
updated at April 30, 2024, 3:04 a.m.
A forensic evidence collection & analysis toolkit for OS X
updated at April 29, 2024, 8:41 a.m.
CimSweep is a suite of CIM/WMI-based tools that make it possible to perform incident response and hunting operations remotely across all versions of Windows.
updated at April 28, 2024, 12:09 a.m.
OS X Auditor is a free Mac OS X computer forensics tool
updated at April 27, 2024, 4:08 p.m.
(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
updated at April 27, 2024, 8:50 a.m.
An information security preparedness tool to do adversarial simulation.
updated at April 27, 2024, 8:50 a.m.
Remote Memory Acquisition Tool
updated at April 27, 2024, 8:50 a.m.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
updated at April 27, 2024, 8:50 a.m.
Incident Response Forensic Framework
updated at April 27, 2024, 8:49 a.m.
DPS' Lightweight Investigation Notebook
updated at April 27, 2024, 8:49 a.m.
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
updated at April 25, 2024, 6:46 p.m.