ANSSI-FR / DECODE
Malware detection tool for Windows PE files based on DFIR ORC data
☆8, updated 6 months ago
Alternatives and similar repositories for DECODE:
Users interested in DECODE are comparing it to the repositories listed below.
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates… (☆63, updated 3 weeks ago)
- Rules Shared by the Community from 100 Days of YARA 2023 (☆76, updated 2 years ago)
- Elastic Security Labs releases (☆62, updated 3 weeks ago)
- (no description) (☆68, updated 2 months ago)
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them (☆33, updated 5 months ago)
- Collection of rules created using YARA-Signator over Malpedia (☆128, updated 5 months ago)
- A guide on how to write fast and memory friendly YARA rules (☆142, updated 2 months ago)
- Rules shared by the community from 100 Days of YARA 2024 (☆85, updated 3 months ago)
- Documentation repository (☆44, updated 7 months ago)
- USN Journal full path builder (☆59, updated 7 months ago)
- The core backend server handling API requests and task management (☆38, updated 2 weeks ago)
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… (☆52, updated last year)
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies (☆98, updated last year)
- Harness the power of Splunk for your investigations (☆99, updated 3 weeks ago)
- (no description) (☆245, updated 11 months ago)
- YARA rule analyzer to improve rule quality and performance (☆99, updated 2 weeks ago)
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file (☆84, updated 2 months ago)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆109, updated last year)
- Digital Forensics Artifacts Knowledge Base (☆81, updated 11 months ago)
- Sample evtx files to use for testing hayabusa detection rules (☆52, updated 5 months ago)
- Python based CLI for MalwareBazaar (☆37, updated 5 months ago)
- Remote access and Antivirus Logging Database (☆42, updated 11 months ago)
- JPCERT/CC public YARA rules repository (☆106, updated 4 months ago)
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) (☆68, updated last year)
- Carve file metadata from NTFS index ($I30) attributes (☆63, updated last year)
- Detection Engineering with YARA (☆87, updated last year)
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … (☆159, updated 5 months ago)
- This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts. (☆114, updated last year)
- BlackBerry Threat Research & Intelligence (☆98, updated last year)
- 100 Days of YARA to be updated with rules & ideas as the year progresses (☆60, updated 2 years ago)