AndrewRathbun / DFIRArtifactMuseumLinks
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes and increase access to artifacts that may no longer be readily available.
☆597 · Updated 3 months ago
Alternatives and similar repositories for DFIRArtifactMuseum
Users that are interested in DFIRArtifactMuseum are comparing it to the libraries listed below
- Collection of Event ID resources useful for Digital Forensics and Incident Response ☆617 · Updated last year
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. ☆578 · Updated 5 months ago
- CyLR - Live Response Collection Tool ☆682 · Updated 3 years ago
- This repository serves as a place for community-created Targets and Modules for use with KAPE. ☆744 · Updated this week
- A repository of DFIR-related Mind Maps geared towards visual learners! ☆526 · Updated 2 years ago
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques ☆369 · Updated 5 months ago
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… ☆214 · Updated 4 months ago
- Forensics Wiki, a wiki devoted to information about digital forensics (also known as computer forensics) ☆278 · Updated 3 weeks ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆720 · Updated 2 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆583 · Updated 2 months ago
- A Python script developed to process Windows memory images based on triage type. ☆262 · Updated last year
- Repository of attack and defensive information for Business Email Compromise investigations ☆256 · Updated last month
- A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters … ☆258 · Updated this week
- Rules generated from our investigations. ☆195 · Updated last week
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system ☆288 · Updated last month
- Documentation and scripts to properly enable Windows event logs. ☆618 · Updated last year
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆635 · Updated this week
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆734 · Updated 3 months ago
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆318 · Updated last month
- The Volatility Collaborative GUI ☆246 · Updated this week
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆913 · Updated last year
- Harness the power of Splunk for your investigations ☆111 · Updated this week
- Hunting queries and detections ☆807 · Updated 5 months ago
- Get all my software ☆163 · Updated 2 weeks ago
- Jupyter Notebooks for the Blue Team ☆144 · Updated 3 months ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆163 · Updated 7 months ago
- Practical Windows Forensics Training ☆667 · Updated last year
- An analytical challenge created to test junior analysts looking to try performing proactive and reactive cyber threat intelligence. ☆196 · Updated 11 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … ☆393 · Updated 5 months ago