AndrewRathbun / DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes and increase access to artifacts that may no longer be readily available.
☆555 Updated last week
Related projects
Alternatives and complementary repositories for DFIRArtifactMuseum
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆588 Updated 5 months ago
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆528 Updated 2 months ago
- A repository of DFIR-related Mind Maps geared towards visual learners! ☆514 Updated 2 years ago
- ☆505 Updated last month
- CyLR - Live Response Collection Tool ☆647 Updated 2 years ago
- Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactics and techniques ☆308 Updated 5 months ago
- Documentation and scripts to properly enable Windows event logs. ☆556 Updated last year
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence. ☆186 Updated 4 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆680 Updated last week
- A Python script developed to process Windows memory images based on triage type. ☆258 Updated 11 months ago
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… ☆194 Updated 6 months ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆767 Updated last year
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆270 Updated 2 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆541 Updated 3 weeks ago
- This repository serves as a place for community-created Targets and Modules for use with KAPE. ☆657 Updated last week
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆471 Updated last week
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system ☆270 Updated last month
- The Volatility Collaborative GUI ☆227 Updated this week
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆481 Updated last week
- Forensics Wiki, a wiki devoted to information about digital forensics (also known as computer forensics) ☆251 Updated 6 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆643 Updated last week
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆279 Updated 3 months ago
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆139 Updated this week
- Purple Team Exercise Framework ☆624 Updated 10 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆146 Updated last month
- Repository of attack and defensive information for Business Email Compromise investigations ☆230 Updated 2 months ago
- Rules generated from our investigations. ☆189 Updated 3 weeks ago
- Jupyter Notebooks for the Blue Team ☆141 Updated last year
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆356 Updated 2 months ago
- Sysmon configuration file template with default high-quality event tracing ☆454 Updated 9 months ago