AndrewRathbun / DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available anymore.
☆645, Nov 7, 2025, updated 3 months ago
Alternatives and similar repositories for DFIRArtifactMuseum
Users that are interested in DFIRArtifactMuseum are comparing it to the libraries listed below
- Collection of Event ID resources useful for Digital Forensics and Incident Response (☆643, Jun 19, 2024, updated last year)
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … (☆1,238, Feb 5, 2026, updated last week)
- A Python script developed to process Windows memory images based on triage type. (☆264, Nov 25, 2023, updated 2 years ago)
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … (☆191, Oct 29, 2025, updated 3 months ago)
- Documentation and scripts to properly enable Windows event logs. (☆671, Oct 3, 2025, updated 4 months ago)
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆694, Oct 22, 2025, updated 3 months ago)
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. (☆342, Dec 3, 2025, updated 2 months ago)
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… (☆218, Dec 30, 2025, updated last month)
- Hayabusa (隼) is a Sigma-based threat hunting and fast forensics timeline generator for Windows event logs. (☆3,014, Feb 4, 2026, updated last week)
- Rapidly Search and Hunt through Windows Forensic Artefacts (☆3,440, Oct 12, 2025, updated 4 months ago)
- Practical Windows Forensics Training (☆740, updated this week)
- Digital Forensics artifact repository (☆1,201, Feb 7, 2026, updated last week)
- A standalone Sigma-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆780, updated this week)
- Event Tracing for Windows (ETW) Resources (☆417, Oct 30, 2025, updated 3 months ago)
- A repository of DFIR-related mind maps geared towards visual learners (☆551, Sep 2, 2022, updated 3 years ago)
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders (☆960, Oct 5, 2023, updated 2 years ago)
- This repository serves as a place for community-created Targets and Modules for use with KAPE. (☆815, Feb 4, 2026, updated last week)
- A curated list of KAPE-related resources (☆179, May 1, 2025, updated 9 months ago)
- Carve file metadata from NTFS index ($I30) attributes (☆70, Feb 3, 2024, updated 2 years ago)
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection… (☆861, Jan 20, 2022, updated 4 years ago)
- Windows Events Attack Samples (☆2,507, Jan 24, 2023, updated 3 years ago)
- Set of EVTX samples (>270) mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases. (☆613, Dec 8, 2025, updated 2 months ago)
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. (☆765, Jan 15, 2026, updated 3 weeks ago)
- A repository hosting example goodware EVTX logs containing sample software installation and basic user interaction (☆86, Dec 17, 2025, updated last month)
- A fast (and safe) parser for the Windows XML Event Log (EVTX) format (☆880, Feb 6, 2026, updated last week)
- Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts… (☆1,073, Nov 25, 2025, updated 2 months ago)
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables. (☆116, Jan 26, 2022, updated 4 years ago)
- Awesome list of keywords and artifacts for Threat Hunting sessions (☆633, Aug 4, 2025, updated 6 months ago)
- Everything related to Linux Forensics (☆719, Jul 13, 2023, updated 2 years ago)
- Blue team operational triage registry hunting/forensic tool. (☆149, Sep 2, 2025, updated 5 months ago)
- Digital Forensics Investigation Platform (☆870, Oct 12, 2024, updated last year)
- Project based on RegRipper, to extract additional value/pivot points from TLN events file (☆89, Feb 9, 2025, updated last year)
- #ThreatHunting #DFIR #Malware #Detection Mind Maps (☆306, Nov 13, 2021, updated 4 years ago)
- An NTFS/FAT parser for digital forensics & incident response (☆217, Oct 31, 2025, updated 3 months ago)
- PowerShell module for Office 365 and Azure log collection (☆280, Sep 22, 2025, updated 4 months ago)
- DFIQ is a collection of investigative questions and the approaches for answering them (☆301, Jan 17, 2025, updated last year)
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) (☆68, Sep 13, 2023, updated 2 years ago)
- PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… (☆2,048, Dec 11, 2024, updated last year)
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. (☆107, Nov 23, 2022, updated 3 years ago)