DFIR-ORC / dfir-orc-configView external linksLinks
Configurations for DFIR ORC
☆28Mar 28, 2024Updated last year
Alternatives and similar repositories for dfir-orc-config
Users that are interested in dfir-orc-config are comparing it to the libraries listed below
Sorting:
- Documentation for DFIR ORC, artefact collection tool dedicated to Microsoft Windows☆12May 23, 2025Updated 8 months ago
- Forensics artefact collection tool for systems running Microsoft Windows☆431Mar 26, 2025Updated 10 months ago
- orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them☆34Jun 27, 2025Updated 7 months ago
- NTFS samples☆27Aug 1, 2020Updated 5 years ago
- Indicators of compromise☆17Jan 29, 2026Updated 2 weeks ago
- Repository with selected IOCs and YARA rules for threat hunting.☆35May 21, 2025Updated 8 months ago
- A script to assist in processing forensic RAM captures for malware triage☆26Feb 4, 2021Updated 5 years ago
- ☆11Mar 12, 2021Updated 4 years ago
- Konrads' Pen-Ultimate (Windows) Log File Parser☆14Dec 27, 2025Updated last month
- ☆23May 19, 2019Updated 6 years ago
- Incident Response Scripts☆30Mar 1, 2020Updated 5 years ago
- custom Python script to perform Yara matching in Cortex XDR☆14May 18, 2021Updated 4 years ago
- This is a repository for reporting any issues in any of my software☆13May 15, 2018Updated 7 years ago
- A Splunk Technology Add-on to forward filtered ETW events.☆30Oct 14, 2020Updated 5 years ago
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here …☆72Apr 3, 2024Updated last year
- Autopsy Module to analyze Registry Hives☆15Feb 18, 2022Updated 3 years ago
- Repository to provide files related to our blog articles.☆16May 26, 2025Updated 8 months ago
- ☆15May 1, 2023Updated 2 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆72Feb 13, 2025Updated last year
- Send and receive files securely through Tor.☆43Feb 25, 2023Updated 2 years ago
- ☆17Mar 22, 2018Updated 7 years ago
- Volatility plugin to help identify DoublePulsar implant by listing the array of pointers SrvTransaction2DispatchTable from the srv.sys dr…☆16Aug 14, 2017Updated 8 years ago
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Nov 16, 2018Updated 7 years ago
- Python script for parsing ESET (NOD32) virlog.dat file.☆14Sep 28, 2017Updated 8 years ago
- Tools and scripts to deploy and manage OpenRelik instances☆16Jun 11, 2025Updated 8 months ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- Parses amcache.hve files, but with a twist!☆150Jan 12, 2025Updated last year
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;☆76Jun 8, 2019Updated 6 years ago
- Détection d'anomalie à partir des journaux d'authentification Windows☆18Apr 16, 2021Updated 4 years ago
- Ansible playbook to deploy a Nextcloud instance on a clean Ubuntu server (LEMP stack)☆15Nov 11, 2022Updated 3 years ago
- ☆17Nov 12, 2019Updated 6 years ago
- Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)☆44Jun 6, 2022Updated 3 years ago
- Library of threat hunts to get any user started!☆48Sep 4, 2020Updated 5 years ago
- Parses Java Cache IDX files☆40Feb 28, 2018Updated 7 years ago
- ☆22Jan 31, 2023Updated 3 years ago
- ☆18Apr 4, 2019Updated 6 years ago
- More Obvious Webmalware Repository☆16Dec 16, 2016Updated 9 years ago
- PE Import Hash Generator☆78Jul 17, 2017Updated 8 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago