DFIR-ORC / dfir-orc-config
Configurations for DFIR ORC
☆24Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for dfir-orc-config
- Extract BITS jobs from QMGR queue and store them as CSV records☆74Updated 4 months ago
- The core backend server handling API requests and task management☆31Updated this week
- A Splunk Technology Add-on to forward filtered ETW events.☆30Updated 4 years ago
- ☆31Updated 2 weeks ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆56Updated last year
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆68Updated 11 months ago
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆31Updated 2 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- MWDB exercises☆19Updated 5 months ago
- Documentation and parsers for different anti-virus quarantine formats.☆41Updated 3 years ago
- ☆27Updated 2 years ago
- Community modules for FAME☆64Updated last week
- Simple yara rule manager☆65Updated last year
- Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows☆12Updated 4 months ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆34Updated last year
- Publicly shareable windows event log message data☆27Updated 4 years ago
- Malware similarity platform with modularity in mind.☆76Updated 3 years ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆48Updated 7 months ago
- Powershell sandboxing utility☆17Updated 2 weeks ago
- YARA rule analyzer to improve rule quality and performance☆93Updated 11 months ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆63Updated last year
- Miscellaneous Scripts☆17Updated 4 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- Dashboards for conducting forensic investigation using windows events in Kibana☆17Updated 5 years ago
- ☆16Updated last month
- ☆36Updated 3 years ago
- evtx2json extracts events of interest from event logs, dedups them, and exports them to json.☆41Updated 3 years ago
- Collection of scripts provided for public use☆31Updated 3 weeks ago
- Repository with selected IOCs and YARA rules for threat hunting.☆32Updated 2 months ago
- USN Journal full path builder☆36Updated last month