☆22Aug 29, 2024Updated last year
Alternatives and similar repositories for TheDFIRThing
Users that are interested in TheDFIRThing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆108Mar 12, 2026Updated 2 months ago
- Sigma rules converted for direct use with Zircolite☆15Updated this week
- Search Index Database Reporter☆136Oct 28, 2025Updated 6 months ago
- ☆15Oct 24, 2024Updated last year
- Contains compiled binaries of Volatility☆36May 18, 2025Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A DFIR tool to analyze artifacts on macOS☆35Jan 18, 2021Updated 5 years ago
- USN Journal full path builder☆69Apr 16, 2026Updated last month
- Incident Response Methodologies (IRM), also called Incident Playbook, based on the work done by the CERT Societe General☆24Dec 16, 2021Updated 4 years ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts☆81Oct 20, 2025Updated 7 months ago
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and…☆12May 6, 2026Updated 2 weeks ago
- A tool for fetching DFIR and other GitHub tools.☆29Aug 2, 2025Updated 9 months ago
- Hunt the windows Registry automatically using VQL☆16May 4, 2026Updated 3 weeks ago
- Sigma detection rules for hunting with the threathunting-keywords project☆60Mar 2, 2025Updated last year
- A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).☆65Apr 24, 2019Updated 7 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A python script for easy static analysis and automatic signature generation of malware.☆12Sep 30, 2013Updated 12 years ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆122Oct 8, 2023Updated 2 years ago
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor.☆20Nov 28, 2023Updated 2 years ago
- Hunt for SQLite files used by various applications☆31Mar 1, 2026Updated 2 months ago
- Windows Forensic Environment (WinFE) - based on WinPE☆42Mar 16, 2023Updated 3 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆626May 15, 2026Updated last week
- Reimplementation of libdetectcoll in Go☆19Mar 6, 2017Updated 9 years ago
- Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser☆47Apr 4, 2026Updated last month
- A Wiki containing guides to modding many different consumer electronic devices.☆18Jul 5, 2014Updated 11 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Collection of scripts provided for public use☆43Updated this week
- FOR508 Index - GCFA�☆25May 19, 2018Updated 8 years ago
- Bash script for performing the logical acquisition of Apple Silicon Mac☆18Jun 21, 2024Updated last year
- CLI tools for forensic investigation of Windows artifacts☆351Jul 21, 2025Updated 10 months ago
- DFIR notebooks GCIH Gold project, paper☆12Apr 30, 2015Updated 11 years ago
- /ˈhäjˌpäj/ "a confused mixture."☆15May 14, 2026Updated last week
- Legacy Sigma Tools (sigmac etc.)☆16May 7, 2023Updated 3 years ago
- Sophos Central PowerShell module☆12Jul 11, 2023Updated 2 years ago
- A cross platform forensic parser written in Rust!☆112Updated this week
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- PyVelociraptor contains the python bindings for the Velociraptor API.☆21May 5, 2026Updated 2 weeks ago
- Modular command-line threat hunting tool & framework.☆17Jul 20, 2020Updated 5 years ago
- L.I.A.M is an open source case management system for digital forensics labs. Law-Enforcement Investigations and Asset Management☆13Jul 4, 2025Updated 10 months ago
- ☆35Oct 20, 2024Updated last year
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆65Dec 21, 2022Updated 3 years ago
- A suite of Volatility 3 plugins for memory forensics of Docker containers☆18Jan 10, 2024Updated 2 years ago
- Run Velociraptor on Security Onion☆41Jul 27, 2022Updated 3 years ago