☆22, Aug 29, 2024, updated last year
Alternatives and similar repositories for TheDFIRThing
Users that are interested in TheDFIRThing are comparing it to the libraries listed below
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. (☆107, Nov 23, 2022, updated 3 years ago)
- Sigma rules converted for direct use with Zircolite (☆14, updated this week)
- A DFIR tool to analyze artifacts on macOS (☆35, Jan 18, 2021, updated 5 years ago)
- Contains compiled binaries of Volatility (☆36, May 18, 2025, updated 9 months ago)
- Search Index Database Reporter (☆131, Oct 28, 2025, updated 4 months ago)
- Legacy Sigma Tools (sigmac etc.) (☆16, May 7, 2023, updated 2 years ago)
- PyVelociraptor contains the Python bindings for the Velociraptor API. (☆21, Feb 11, 2026, updated 3 weeks ago)
- Incident Response Methodologies (IRM), also called Incident Playbook, based on the work done by the CERT Societe Generale (☆24, Dec 16, 2021, updated 4 years ago)
- Sigma detection rules for hunting with the threathunting-keywords project (☆58, Mar 2, 2025, updated last year)
- FOR508 Index - GCFA (☆24, May 19, 2018, updated 7 years ago)
- Hunt for SQLite files used by various applications (☆30, Jan 31, 2026, updated last month)
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID (☆577, Dec 6, 2025, updated 2 months ago)
- (no description) (☆14, Oct 24, 2024, updated last year)
- Here are some common interview questions for an application security position you can review for your own interview, along with example a… (☆31, Apr 17, 2022, updated 3 years ago)
- USN Journal full path builder (☆65, Sep 16, 2024, updated last year)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (☆118, Oct 8, 2023, updated 2 years ago)
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database. (☆64, Dec 21, 2022, updated 3 years ago)
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts (☆78, Oct 20, 2025, updated 4 months ago)
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) (☆196, Feb 16, 2023, updated 3 years ago)
- (no description) (☆67, Feb 15, 2026, updated 2 weeks ago)
- File integrity monitor with malware detection using machine learning (☆14, May 23, 2024, updated last year)
- (no description) (☆35, Nov 14, 2024, updated last year)
- Run Velociraptor on Security Onion (☆40, Jul 27, 2022, updated 3 years ago)
- Hunting Queries for Defender ATP (☆83, Dec 14, 2025, updated 2 months ago)
- Practical Windows Forensics Training (☆751, Feb 16, 2026, updated 2 weeks ago)
- (no description) (☆35, Oct 20, 2024, updated last year)
- https://academy.tcm-sec.com/ (☆14, Aug 19, 2025, updated 6 months ago)
- CLI tools for forensic investigation of Windows artifacts (☆349, Jul 21, 2025, updated 7 months ago)
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene… (☆103, Jan 13, 2026, updated last month)
- An Adaptive Misuse Detection System (☆46, Nov 4, 2024, updated last year)
- Collection of scripts provided for public use (☆39, Feb 4, 2026, updated last month)
- Active C&C Detector (☆156, Oct 5, 2023, updated 2 years ago)
- This is a tutorial for a data-secure home surveillance system with notifications to mobile devices. (☆13, Mar 14, 2022, updated 3 years ago)
- Starter Projects for the Docker Course (☆11, Dec 25, 2025, updated 2 months ago)
- Network Shredder IDS (☆11, Aug 14, 2024, updated last year)
- Dump macOS 1.8+ password hashes to a hashcat-compatible format (☆14, May 29, 2022, updated 3 years ago)
- OWASP Coimbatore's Web & Project Repository (☆13, Jan 23, 2026, updated last month)
- Some notes written during my OSCP Journey (KeepNote project) (☆10, Mar 2, 2020, updated 6 years ago)
- A cross platform forensic parser written in Rust! (☆101, updated this week)