JouniMi / TheDFIRThing
☆15Updated 3 weeks ago
Related projects: ⓘ
- Collection of scripts provided for public use☆28Updated last month
- Logbook for Digital Forensics and Incident Response☆48Updated 2 months ago
- Remote access and Antivirus Logging Database☆39Updated 4 months ago
- Sigma detection rules for hunting with the threathunting-keywords project☆47Updated 2 weeks ago
- ☆19Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆47Updated last year
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆44Updated 2 years ago
- ☆84Updated 4 months ago
- Forensic Artifact Collection Tool Matrix☆70Updated 2 years ago
- simple webapp for converting sigma rules into siem queries using the pySigma library☆47Updated last year
- Library of threat hunts to get any user started!☆40Updated 4 years ago
- ☆28Updated last year
- ☆18Updated 2 years ago
- Parses USB connection artifacts from offline Registry hives☆50Updated last week
- ☆79Updated last month
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements☆113Updated 9 months ago
- Azure function to insert MISP data in to Azure Sentinel☆30Updated last year
- The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆21Updated 3 weeks ago
- USN Journal full path builder☆36Updated this week
- Random notes collected on the intertubes relating to DFIR☆32Updated last year
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆53Updated last year
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆41Updated 2 years ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆90Updated 11 months ago
- User Feedback Space of #MitreAssistant☆37Updated last year
- A tool that allows you to document and assess any security automation in your SOC☆40Updated 4 months ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆17Updated 10 months ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆42Updated 2 weeks ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆38Updated 2 years ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago