Alternatives and similar repositories for EvtXHunt

Users that are interested in EvtXHunt are comparing it to the libraries listed below

• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆57Updated 3 years ago
• plonxyz / 4n6pi
  ☆20Updated 3 months ago
• op7ic / Cloud-Investigate
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆38Updated last year
• op7ic / unix_collector
  unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Andro…
  ☆38Updated 4 months ago
• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆78Updated 4 years ago
• NextronSystems / velociraptor-artifacts-thor
  Thor Artifacts for Velociraptor
  ☆17Updated last year
• alex-cart / LEAF
  Linux Evidence Acquisition Framework
  ☆118Updated last year
• cmdshiftd / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 8 months ago
• gmagklaras / POFR
  Penguin OS Forensic (or Flight) Recorder
  ☆41Updated 9 months ago
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆102Updated last year
• strozfriedberg / QELP
  Quick ESXi Log Parser
  ☆26Updated last month
• McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
  Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…
  ☆12Updated 3 years ago
• OverTheNet / CODE_OF_MALWARE_I
  Contains Actual Events and Codes of Threat Groups, APTs, Research Groups
  ☆19Updated 3 years ago
• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆26Updated 2 weeks ago
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆71Updated 2 years ago
• DCScoder / ESXiTri
  ESXi Cyber Security Incident Response Script
  ☆25Updated last year
• mdecrevoisier / Windows-authentication-brutforce-cheatsheet
  Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.
  ☆18Updated 2 years ago
• salehmuhaysin / DFIR-Tools
  All the useful tools interesting to be used
  ☆23Updated 3 years ago
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆35Updated 4 months ago
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆45Updated last year
• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆34Updated 3 months ago
• fox-it / skrapa
  A zero dependency and customizable Python library for scanning Windows and Linux process memory.
  ☆66Updated last year
• Hestat / calamity
  A script to assist in processing forensic RAM captures for malware triage
  ☆27Updated 4 years ago
• dfir-dd / incident-response-playbooks
  Digital Forensic Analysis and Incident Response Playbooks to handle real world security incidents
  ☆49Updated last year
• HuskyHacks / blue-jupyter
  Jupyter Notebooks for the Blue Team
  ☆36Updated 8 months ago
• swisscom / ArtifactCollectionMatrix
  Forensic Artifact Collection Tool Matrix
  ☆91Updated 11 months ago
• Squiblydoo / Chromagnon
  Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
  ☆18Updated last year
• CyberSecurityUP / Adversary-Emulation-Guide
  ☆22Updated 2 years ago
• svdwi / BlueBox
  BlueBox Malware analysis Box and Cyber threat intelligence.
  ☆43Updated 3 years ago
• Symantec / threathunters
  ☆29Updated 9 months ago