DFIR-ORC / dfir-orc-config
Configurations for DFIR ORC
☆24Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for dfir-orc-config
- Extract BITS jobs from QMGR queue and store them as CSV records☆74Updated 4 months ago
- The core backend server handling API requests and task management☆31Updated 2 weeks ago
- ☆31Updated last month
- Yara Based Detection Engine for web browsers☆47Updated 3 years ago
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆31Updated 2 years ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆56Updated last year
- A Splunk Technology Add-on to forward filtered ETW events.☆30Updated 4 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆68Updated last year
- Steezy - Ghetto Yara Generation☆15Updated last year
- Community modules for FAME☆64Updated this week
- Alternative YARA scanning engine☆67Updated 2 years ago
- Threat intelligence and threat detection indicators (IOC, IOA)☆53Updated 3 years ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆49Updated last year
- MWDB exercises☆19Updated 5 months ago
- evtx2json extracts events of interest from event logs, dedups them, and exports them to json.☆41Updated 3 years ago
- ☆43Updated last year
- A YARA Rule Performance Measurement Tool☆58Updated 8 months ago
- Malware similarity platform with modularity in mind.☆76Updated 3 years ago
- Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows☆12Updated 5 months ago
- Simple yara rule manager☆65Updated last year
- YARA rule analyzer to improve rule quality and performance☆93Updated 11 months ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- Random hunting ordiented yara rules☆95Updated last year
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆37Updated 4 years ago
- Scripts and lists to help generate YARA friendly string mutations☆19Updated last year
- Core server components for Assemblyline 4 (Alerter, dispatcher, expiry, ingester, scaler, updater, ...)☆19Updated this week
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆71Updated 10 months ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆98Updated 2 months ago
- Windows file metadata / forensic tool.☆15Updated 2 months ago