Alternatives and similar repositories for WAAD

Users that are interested in WAAD are comparing it to the libraries listed below

• ANSSI-FR / bits_parser
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆75Updated 3 months ago
• DFIR-ORC / dfir-orc-config
  Configurations for DFIR ORC
  ☆27Updated last year
• andreafortuna / malhunt
  Hunt malware with Volatility
  ☆47Updated last year
• airbus-cert / timeliner
  A rewrite of mactime, a bodyfile reader
  ☆37Updated 10 months ago
• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆33Updated last month
• openrelik / openrelik-server
  The core backend server handling API requests and task management
  ☆39Updated last week
• W3ndige / aurora
  Malware similarity platform with modularity in mind.
  ☆78Updated 3 years ago
• andreafortuna / autotimeliner
  Automagically extract forensic timeline from volatile memory dump
  ☆130Updated last year
• aboutsecurity / jupyter-notebooks
  My Jupyter Notebooks
  ☆36Updated 2 months ago
• swisscom / PowerSponse
  PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
  ☆38Updated 3 years ago
• AndrewRathbun / Anti-Forensics-VHDX
  A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…
  ☆27Updated 2 years ago
• 00010111 / smbtimeline
  ☆35Updated 7 months ago
• tap-ir / tapir
  TAPIR is a multi-user, client/server, incident response framework
  ☆44Updated 2 years ago
• forensicmatt / PancakeViewer
  A DFVFS Backed Forensic Viewer
  ☆40Updated 5 years ago
• MartinIngesen / gpocrack
  Active Directory Group Policy Preferences cpassword cracker/decrypter.
  ☆24Updated 4 years ago
• jschicht / MftCarver
  Carve $MFT records from a chunk of data (for instance a memory dump)
  ☆16Updated 8 years ago
• swimlane / PSAttck
  PSAttck is a light-weight framework for the MITRE ATT&CK Framework.
  ☆38Updated 3 years ago
• Hestat / calamity
  A script to assist in processing forensic RAM captures for malware triage
  ☆27Updated 4 years ago
• NextronSystems / nextron-helper-scripts
  Public tools, scripts or code snippets that can help when working with our products
  ☆46Updated last month
• evild3ad / isodump
  isodump - ISO dump utility
  ☆40Updated 5 years ago
• moullos / Mitigate
  Machine Interrogation To Identify Gaps & Techniques for Execution
  ☆32Updated 2 years ago
• Silv3rHorn / evtx2json
  evtx2json extracts events of interest from event logs, dedups them, and exports them to json.
  ☆42Updated 4 years ago
• Jrotenberger / Powershell-IR-Scripts
  ☆39Updated 5 years ago
• tsale / BlueSploit
  BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.
  ☆32Updated 5 years ago
• fox-it / skrapa
  A zero dependency and customizable Python library for scanning Windows and Linux process memory.
  ☆66Updated last year
• soufianetahiri / ransomware_Incident_Response_FR
  petit "playbook" qui pourrait servir de base à une réponse à incident lors d'une attaque de type ransomware
  ☆21Updated 2 years ago
• bengoerz / PurpleTeamDocs
  ☆29Updated 4 years ago
• hpthreatresearch / tools
  Scripts and tools accompanying HP Threat Research blog posts and reports.
  ☆50Updated last year
• CIRCL / forensic-tools
  CIRCL system forensic tools or a jumble of tools to support forensic
  ☆42Updated 2 years ago
• mandiant / pulsesecure_exploitation_countermeasures
  ☆23Updated 2 years ago