KasperskyLab / ForensicsTools
Tools for DFIR
☆116Updated 6 years ago
Related projects: ⓘ
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆180Updated 4 years ago
- Python script to decode common encoded PowerShell scripts☆214Updated 6 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆158Updated 5 years ago
- Extract common Windows artifacts from source images and VSCs☆65Updated 3 years ago
- This is a logon script used to detect the theft of credentials by tools such as Mimikatz☆116Updated 9 years ago
- A modern Python-3-based alternative to RegRipper☆184Updated 11 months ago
- PowerShell No Agent Hunting☆107Updated 6 years ago
- Cuckoo Sandbox is an automated dynamic malware analysis system☆106Updated 4 years ago
- Windows Live Artifacts Acquisition Script☆181Updated 2 years ago
- Lazy Office Analyzer☆118Updated 7 years ago
- Invoke-LiveResponse☆145Updated 2 years ago
- Reconstruct process trees from event logs☆143Updated 4 years ago
- Tools for the Computer Incident Response Team☆141Updated 7 years ago
- Test Blue Team detections without running any attack.☆269Updated 4 months ago
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici…☆80Updated 6 years ago
- Understanding ATT&CK Matrix for Enterprise☆79Updated 6 years ago
- Tool to help analyze PDF files☆175Updated 10 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Updated 4 years ago
- Mitre Att&ck Technique Emulation☆82Updated 5 years ago
- SEC599 supporting GitHub repository☆14Updated 5 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆114Updated 3 years ago
- ☆344Updated 3 years ago
- A powershell script for creating a Windows honeyport.☆87Updated 8 years ago
- Tools from WFA 4/e, timeline tools, etc.☆130Updated 6 months ago
- A collection of infosec related scripts and information.☆53Updated last week
- Differential Analysis of Malware in Memory☆209Updated 7 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆111Updated 3 months ago
- Collecting & Hunting for IOCs with gusto and style☆235Updated 3 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆175Updated 3 years ago
- Dump of organized knowledge on DFIR☆132Updated 2 years ago