bulk_extractor by simsong

This is the development tree. Production downloads are at:

created at April 3, 2012, 4:36 a.m.

74 +0

1,011 +1

180 +0

artifacts by ForensicArtifacts

Digital Forensics artifact repository

created at Oct. 31, 2014, 7:13 p.m.

73 -1

985 +1

202 +0

cuckoo-modified by spender-sandbox

Modified edition of cuckoo

created at Nov. 30, 2015, 1:55 p.m.

72 +0

388 +0

178 +0

fibratus by rabbitstack

A modern tool for Windows kernel exploration and tracing with a focus on security

created at March 25, 2016, 11:28 a.m.

72 +0

2,085 +9

183 +0

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

70 +0

2,692 +19

450 +3

incident-response-docs by PagerDuty

PagerDuty's Incident Response Documentation.

created at Nov. 28, 2016, 5:58 p.m.

68 +0

1,009 +0

222 +0

hindsight by obsidianforensics

Web browser forensics for Google Chrome/Chromium

created at May 22, 2014, 3:25 a.m.

67 +0

1,021 +0

134 +0

CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

created at Oct. 15, 2019, 6:16 p.m.

65 +0

1,691 +15

380 +2

Fastir_Collector by SekoiaLab

None

created at Oct. 23, 2015, 9:18 a.m.

63 +0

502 +0

128 +0

playbooks by phantomcyber

Phantom Community Playbooks

created at Aug. 31, 2015, 10:35 p.m.

61 +0

453 +1

191 +1

security-apis by deralexxx

A collective list of public APIs for use in security. Contributions welcome

created at Jan. 9, 2018, 7:58 p.m.

59 +0

844 +2

129 +0

threat_note by DefensePointSecurity

DPS' Lightweight Investigation Notebook

created at Aug. 24, 2015, 2:53 p.m.

57 +0

420 +0

97 +0

volatility3 by volatilityfoundation

Volatility 3.0 development

created at Jan. 26, 2014, 6:09 p.m.

55 +0

2,236 +15

371 +2

DumpsterFire by TryCatchHCF

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

created at Oct. 5, 2017, 11:44 p.m.

50 +0

967 +0

148 +0

bitscout by vitaly-kamluk

Remote forensics meta tool

created at June 30, 2017, 10:20 a.m.

49 +0

437 +0

105 +0

chainsaw by WithSecureLabs

Rapidly Search and Hunt through Windows Forensic Artefacts

created at Aug. 13, 2021, 1:07 p.m.

49 +1

2,562 +9

229 +1

APT-Hunter by ahmedkhlief

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

created at Dec. 26, 2020, 9:52 p.m.

47 +0

1,153 +2

229 +1

rizin by rizinorg

UNIX-like reverse engineering framework and command-line toolset.

created at Sept. 30, 2020, 9:15 a.m.

46 -1

2,458 +8

330 +1

ir-rescue by diogo-fernan

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

created at Aug. 2, 2016, 9:01 p.m.

45 +0

447 +0

93 +0

mac_apt by ydkhatri

macOS (& ios) Artifact Parsing Tool

created at Aug. 24, 2017, 3:37 p.m.

44 +0

719 +1

99 +0