DFIR-ORC/dfir-orc-config external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

DFIR-ORC/dfir-orc-config

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/DFIR-ORC/dfir-orc-config)

Close

DFIR-ORC / dfir-orc-configView on GitHubMore

• External links
• Readme badge

Configurations for DFIR ORC

☆28Mar 28, 2024Updated 2 years ago

Alternatives and similar repositories for dfir-orc-config

Users that are interested in dfir-orc-config are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• DFIR-ORC / dfir-orc.github.io

  View on GitHub
  Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows
  ☆12Apr 10, 2026Updated last week
• DFIR-ORC / dfir-orc

  View on GitHub
  Forensics artefact collection tool for systems running Microsoft Windows
  ☆434Mar 26, 2025Updated last year
• ANSSI-FR / WAAD

  View on GitHub
  Détection d'anomalie à partir des journaux d'authentification Windows
  ☆18Apr 16, 2021Updated 5 years ago
• ANSSI-FR / orc2timeline

  View on GitHub
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆34Jun 27, 2025Updated 9 months ago
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆17Jan 29, 2026Updated 2 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• msuhanov / ntfs-samples

  View on GitHub
  NTFS samples
  ☆27Aug 1, 2020Updated 5 years ago
• bricerenaud / xdr_yara_rule_matching

  View on GitHub
  custom Python script to perform Yara matching in Cortex XDR
  ☆14May 18, 2021Updated 4 years ago
• ANSSI-FR / bits_parser

  View on GitHub
  Extract BITS jobs from QMGR queue and store them as CSV records
  ☆74Feb 13, 2025Updated last year
• mitre / thumbtack

  View on GitHub
  A web front-end providing a REST-ful API to mount and unmount forensic disk images
  ☆22Feb 14, 2026Updated 2 months ago
• ANSSI-FR / ORADAZ

  View on GitHub
  Outil de récupération automatique des données AZure / Automated tool for dumping Azure configuration data
  ☆21Nov 13, 2025Updated 5 months ago
• ANSSI-FR / sftp2misp

  View on GitHub
  Automation script to download JSON MISP files from a SFTP server and import them via API to a MISP instance.
  ☆15May 12, 2023Updated 2 years ago
• openrelik / openrelik-deploy

  View on GitHub
  Tools and scripts to deploy and manage OpenRelik instances
  ☆16Mar 23, 2026Updated 3 weeks ago
• hvs-consulting / ioc_signatures

  View on GitHub
  Repository with selected IOCs and YARA rules for threat hunting.
  ☆35Apr 8, 2026Updated last week
• CERT-SYNETIS / PyTriage

  View on GitHub
  Outil de triage automatisé de différents types de collectes d'artefacts.
  ☆18Dec 8, 2025Updated 4 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• iNod3 / sandbagility

  View on GitHub
  ☆23May 19, 2019Updated 6 years ago
• Hestat / calamity

  View on GitHub
  A script to assist in processing forensic RAM captures for malware triage
  ☆26Feb 4, 2021Updated 5 years ago
• ANSSI-FR / bootcode_parser

  View on GitHub
  A boot record parser that identifies known good signatures for MBR, VBR and IPL.
  ☆96Feb 12, 2025Updated last year
• Rurik / Java_IDX_Parser

  View on GitHub
  Parses Java Cache IDX files
  ☆40Feb 28, 2018Updated 8 years ago
• idiom / IRScripts

  View on GitHub
  Incident Response Scripts
  ☆30Mar 1, 2020Updated 6 years ago
• ANSSI-FR / DFIR-O365RC

  View on GitHub
  PowerShell module for Office 365 and Azure log collection
  ☆280Sep 22, 2025Updated 6 months ago
• airbus-cert / Splunk-ETW

  View on GitHub
  A Splunk Technology Add-on to forward filtered ETW events.
  ☆31Oct 14, 2020Updated 5 years ago
• ANSSI-FR / bmc-tools

  View on GitHub
  RDP Bitmap Cache parser
  ☆644Jan 21, 2025Updated last year
• nbs-system / mowr

  View on GitHub
  More Obvious Webmalware Repository
  ☆16Dec 16, 2016Updated 9 years ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• center-for-threat-informed-defense / attack_to_veris

  View on GitHub
  🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here …
  ☆72Apr 3, 2024Updated 2 years ago
• Mote-Z / rootkit

  View on GitHub
  ☆18Nov 12, 2019Updated 6 years ago
• BorjaMerino / DoublePulsar-Volatility

  View on GitHub
  Volatility plugin to help identify DoublePulsar implant by listing the array of pointers SrvTransaction2DispatchTable from the srv.sys dr…
  ☆16Aug 14, 2017Updated 8 years ago
• EricZimmerman / AmcacheParser

  View on GitHub
  Parses amcache.hve files, but with a twist!
  ☆150Jan 12, 2025Updated last year
• BushidoUK / MITRE-Mappings

  View on GitHub
  A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.
  ☆26Mar 20, 2025Updated last year
• Winbagility / Winbagility

  View on GitHub
  [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;
  ☆76Jun 8, 2019Updated 6 years ago
• truekonrads / kpulp

  View on GitHub
  Konrads' Pen-Ultimate (Windows) Log File Parser
  ☆14Dec 27, 2025Updated 3 months ago
• 00010111 / smbtimeline

  View on GitHub
  ☆35Oct 20, 2024Updated last year
• laciKE / EsetLogParser

  View on GitHub
  Python script for parsing ESET (NOD32) virlog.dat file.
  ☆14Sep 28, 2017Updated 8 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• mkorman90 / regipy

  View on GitHub
  Regipy is an os independent python library for parsing offline registry hives
  ☆273Updated this week
• MortenSchenk / tagWnd-Hardening-Bypass

  View on GitHub
  Bypass for the hardening against usage of tagWnd as a kernel read/write primitive
  ☆32Mar 22, 2017Updated 9 years ago
• ANSSI-FR / DFIR4vSphere

  View on GitHub
  Powershell module for VMWare vSphere forensics
  ☆173Nov 8, 2024Updated last year
• openrelik / openrelik-server

  View on GitHub
  The backend server handling API requests and task management
  ☆60Updated this week
• memprocfshunt / MemProcFSHunter

  View on GitHub
  A powershell parser for https://github.com/ufrisk/MemProcFS
  ☆45May 12, 2021Updated 4 years ago
• google / dfiq

  View on GitHub
  DFIQ is a collection of investigative questions and the approaches for answering them
  ☆306Mar 10, 2026Updated last month
• omerbenamram / pymft-rs

  View on GitHub
  Python bindings for https://github.com/omerbenamram/mft
  ☆23Dec 23, 2025Updated 3 months ago