DFIR-ORC / dfir-orc

Related projects ⓘ

Alternatives and complementary repositories for dfir-orc

• MarkBaggett / srum-dump
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆596Updated last week
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆146Updated last month
• log2timeline / dftimewolf
  A framework for orchestrating forensic collection, processing and data export
  ☆296Updated this week
• CERT-Polska / mwdb-core
  Malware repository component for samples & static configuration with REST API interface.
  ☆328Updated this week
• orlikoski / CyLR
  CyLR - Live Response Collection Tool
  ☆647Updated 2 years ago
• OWNsecurity / fastir_artifacts
  Live forensic artifacts collector
  ☆160Updated 4 months ago
• advanced-threat-research / Yara-Rules
  Repository of YARA rules made by Trellix ATR Team
  ☆570Updated 11 months ago
• Neo23x0 / munin
  Online hash checker for Virustotal and other services
  ☆809Updated 6 months ago
• sbousseaden / Slides
  Misc Threat Hunting Resources
  ☆372Updated last year
• mikesxrs / Open-Source-YARA-rules
  YARA Rules I come across on the internet
  ☆334Updated 7 months ago
• davidpany / WMI_Forensics
  ☆294Updated 4 years ago
• CERT-Polska / karton
  Distributed malware processing framework based on Python, Redis and S3.
  ☆393Updated 3 weeks ago
• CERT-Polska / mquery
  YARA malware query accelerator (web frontend)
  ☆414Updated this week
• MISP / misp-training
  MISP trainings, threat intel and information sharing training materials with source code
  ☆389Updated this week
• ANSSI-FR / ADTimeline
  Timeline of Active Directory changes with replication metadata
  ☆475Updated last week
• StrangerealIntel / DailyIOC
  IOC from articles, tweets for archives
  ☆311Updated 11 months ago
• CrowdStrike / SuperMem
  A python script developed to process Windows memory images based on triage type.
  ☆258Updated 11 months ago
• lucky-luk3 / Grafiki
  Threat Hunting tool about Sysmon and graphs
  ☆329Updated last year
• ANSSI-FR / AD-control-paths
  Active Directory Control Paths auditing and graphing tools
  ☆654Updated 3 years ago
• GossiTheDog / ThreatHunting
  Tools for hunting for threats.
  ☆568Updated last month
• dfirtrack / dfirtrack
  DFIRTrack - The Incident Response Tracking Application
  ☆482Updated 2 months ago
• AndrewRathbun / DFIRMindMaps
  A repository of DFIR-related Mind Maps geared towards the visual learners!
  ☆514Updated 2 years ago
• Velocidex / c-aff4
  An AFF4 C++ implementation.
  ☆188Updated last year
• orlikoski / CDQR
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆334Updated 2 years ago
• forensicanalysis / artifactcollector
  🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
  ☆270Updated last month
• airbus-cert / regrippy
  A modern Python-3-based alternative to RegRipper
  ☆187Updated 2 weeks ago
• mkorman90 / regipy
  Regipy is an os independent python library for parsing offline registry hives
  ☆244Updated 2 months ago
• muteb / Hoarder
  This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …
  ☆193Updated 4 years ago
• mandiant / capa-rules
  Standard collection of rules for capa: the tool for enumerating the capabilities of programs
  ☆543Updated this week
• sophoslabs / IoCs
  Sophos-originated indicators-of-compromise from published reports
  ☆546Updated 2 weeks ago