LETHAL-FORENSICS / Collect-MemoryDumpLinks
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
☆240Updated 2 months ago
Alternatives and similar repositories for Collect-MemoryDump
Users that are interested in Collect-MemoryDump are comparing it to the libraries listed below
Sorting:
- A ProcessMonitor visualization application written in rust.☆180Updated last year
- ☆201Updated 7 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆153Updated 3 years ago
- Active C&C Detector☆154Updated last year
- ☆160Updated last year
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆264Updated last year
- Automating EDR Testing with reference to MITRE ATTACK via Cobalt Strike [Purple Team].☆151Updated 2 years ago
- ☆247Updated last year
- Initial triage of Windows Event logs☆99Updated 11 months ago
- A python script developed to process Windows memory images based on triage type.☆262Updated last year
- A collection of tools, scripts and personal research☆128Updated last month
- A C# based tool for analysing malicious OneNote documents☆113Updated 2 years ago
- A collection of tools and detections for the Sliver C2 Frameworj☆126Updated 2 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆166Updated 2 years ago
- Blueteam operational triage registry hunting/forensic tool.☆147Updated 2 years ago
- A suite of tools to disrupt campaigns using the Sliver C2 framework.☆276Updated last year
- ☆299Updated 7 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆329Updated 2 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆212Updated 2 years ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆95Updated 2 years ago
- A collection of tools to interact with Microsoft Security Response Center API☆96Updated last year
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆174Updated 4 months ago
- A small util to brute-force prefetch hashes☆77Updated 2 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆313Updated 3 weeks ago
- RegRipper4.0☆50Updated last month
- PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory …☆94Updated last year
- Aims to identify sleeping beacons☆596Updated 5 months ago
- DNS Tunneling using powershell to download and execute a payload. Works in CLM.☆219Updated 3 years ago
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.☆180Updated last week
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆31Updated 3 years ago