ANSSI-FR / DECODE
Malware detection tool for Windows PE files based on DFIR ORC data
☆8 · Updated 5 months ago
Alternatives and similar repositories for DECODE:
- Rules shared by the community from 100 Days of YARA 2024 (☆85, updated 3 months ago)
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… (☆60, updated last week)
- Elastic Security Labs releases (☆61, updated last week)
- Carve file metadata from NTFS index ($I30) attributes (☆63, updated last year)
- Harness the power of Splunk for your investigations (☆95, updated 2 weeks ago)
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… (☆52, updated last year)
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) (☆68, updated last year)
- Rules shared by the community from 100 Days of YARA 2023 (☆76, updated last year)
- Digital Forensics Artifacts Knowledge Base (☆80, updated 10 months ago)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆108, updated last year)
- The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access… (☆54, updated this week)
- Python tool to check rootkits in Windows kernel (☆195, updated last month)
- A ProcessMonitor visualization application written in Rust. (☆177, updated last year)
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file (☆84, updated last month)
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… (☆147, updated 6 months ago)
- Linux #rootkit and #malware revealer (☆24, updated 8 months ago)
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them (☆32, updated 4 months ago)
- BlackBerry Threat Research & Intelligence (☆98, updated last year)
- A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea… (☆84, updated 8 months ago)
- USN Journal full path builder (☆57, updated 6 months ago)
- macOS Artifacts (☆28, updated last month)
- Generate Volatility3 profiles from BTF. (☆17, updated 3 months ago)
- Search Index Database Reporter (☆104, updated 4 months ago)
- A C# based tool for analysing malicious OneNote documents (☆111, updated last year)
- Takajō (鷹匠) is a Hayabusa results analyzer. (☆111, updated this week)
- The core backend server handling API requests and task management (☆38, updated this week)
- A zero dependency and customizable Python library for scanning Windows and Linux process memory. (☆66, updated last year)