AndrewRathbun / DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various operating systems and categorize them by type. This supports artifact validation work (checking a parser or tool against a known-good sample from a specific OS build) and preserves access to artifacts that are no longer readily available.
☆573 · Updated 3 months ago
Alternatives and similar repositories for DFIRArtifactMuseum:
Users interested in DFIRArtifactMuseum are also comparing it to the repositories listed below.
- This repository serves as a place for community-created Targets and Modules for use with KAPE. ☆684 · Updated this week
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆601 · Updated 8 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆550 · Updated last month
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques ☆344 · Updated last month
- CyLR - Live Response Collection Tool ☆663 · Updated 2 years ago
- A repository of DFIR-related Mind Maps geared towards visual learners! ☆518 · Updated 2 years ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆700 · Updated 2 weeks ago
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… ☆201 · Updated 2 weeks ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆521 · Updated this week
- An analytical challenge created to test junior analysts looking to practice proactive and reactive cyber threat intelligence. ☆193 · Updated 7 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆792 · Updated last year
- Rules generated from our investigations. ☆193 · Updated 3 months ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆245 · Updated 2 weeks ago
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆277 · Updated 5 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆705 · Updated 2 months ago
- Cyber Incident Response Team Playbook Battle Cards ☆370 · Updated 9 months ago
- A Python script developed to process Windows memory images based on triage type. ☆260 · Updated last year
- Practical Windows Forensics Training ☆643 · Updated 11 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆559 · Updated 2 weeks ago
- CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable repor… ☆223 · Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆386 · Updated last month
- Documentation and scripts to properly enable Windows event logs. ☆588 · Updated last year
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆182 · Updated 2 weeks ago
- A collection of files with indicators supporting social media posts from Palo Alto Networks' Unit 42 team to disseminate timely threat in… ☆236 · Updated last week
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆152 · Updated 2 months ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor. ☆159 · Updated this week
- CLI tools for forensic investigation of Windows artifacts ☆324 · Updated 3 months ago
- Forensics Wiki, a wiki devoted to information about digital forensics (also known as computer forensics) ☆262 · Updated 9 months ago