AndrewRathbun / DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.
☆596 · Updated last month
Alternatives and similar repositories for DFIRArtifactMuseum:
Users that are interested in DFIRArtifactMuseum are comparing it to the libraries listed below
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆612 · Updated 10 months ago
- This repository serves as a place for community created Targets and Modules for use with KAPE. ☆717 · Updated this week
- ☆515 · Updated 6 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆563 · Updated 3 months ago
- CyLR - Live Response Collection Tool ☆674 · Updated 2 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆710 · Updated 2 weeks ago
- A repository of DFIR-related Mind Maps geared towards the visual learners! ☆521 · Updated 2 years ago
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… ☆207 · Updated 2 months ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆280 · Updated 8 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆901 · Updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆236 · Updated last month
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques ☆357 · Updated 3 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆725 · Updated last month
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆563 · Updated last month
- Documentation and scripts to properly enable Windows event logs. ☆603 · Updated last year
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆611 · Updated this week
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆950 · Updated last week
- Repository of attack and defensive information for Business Email Compromise investigations ☆250 · Updated 2 months ago
- Get all my software ☆153 · Updated 3 months ago
- The Volatility Collaborative GUI ☆243 · Updated this week
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence. ☆196 · Updated 9 months ago
- Hunting queries and detections ☆785 · Updated 3 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆619 · Updated last month
- A Python script developed to process Windows memory images based on triage type. ☆262 · Updated last year
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆342 · Updated 8 months ago
- ☆199 · Updated last year
- Forensics Wiki, a wiki devoted to information about digital forensics (also known as computer forensics) ☆271 · Updated last month
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆198 · Updated 7 months ago
- RegRipper3.0 ☆596 · Updated 4 months ago
- Jupyter Notebooks for the Blue Team ☆145 · Updated last month