KasperskyLab / ForensicsToolsLinks
Tools for DFIR
☆120Updated 7 years ago
Alternatives and similar repositories for ForensicsTools
Users that are interested in ForensicsTools are comparing it to the libraries listed below
Sorting:
- Extract common Windows artifacts from source images and VSCs☆65Updated 4 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.☆195Updated 3 months ago
- Python script to decode common encoded PowerShell scripts☆216Updated 7 years ago
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici…☆82Updated 7 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆118Updated last year
- Cuckoo Sandbox is an automated dynamic malware analysis system☆107Updated 5 years ago
- Yet another registry parser☆132Updated 3 years ago
- A powershell script for creating a Windows honeyport.☆89Updated 3 months ago
- PowerShell No Agent Hunting☆110Updated 7 years ago
- Windows Live Artifacts Acquisition Script☆188Updated 3 years ago
- Lazy Office Analyzer☆122Updated 8 years ago
- Reconstruct process trees from event logs☆146Updated 4 years ago
- Tools from WFA 4/e, timeline tools, etc.☆141Updated last year
- Differential Analysis of Malware in Memory☆212Updated 8 years ago
- PE Import Hash Generator☆80Updated 7 years ago
- Page File analysis tools.☆127Updated 9 years ago
- A collection of infosec related scripts and information.☆53Updated 8 months ago
- ☆277Updated 2 years ago
- Detecting Lateral Movement with Machine Learning☆137Updated 7 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆166Updated 6 years ago
- A modern Python-3-based alternative to RegRipper☆196Updated 2 months ago
- ☆350Updated 4 years ago
- Test Blue Team detections without running any attack.☆272Updated last year
- Tools for the Computer Incident Response Team☆144Updated 8 years ago
- Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.☆109Updated 7 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆221Updated 4 years ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆135Updated 6 years ago
- Invoke-LiveResponse☆148Updated 3 years ago
- Cuckoo running in a nested hypervisor☆128Updated 5 years ago
- ☆82Updated 8 years ago