Rapidly Search and Hunt through Linux Forensics Artifacts
☆201Jan 4, 2024Updated 2 years ago
Alternatives and similar repositories for ChopChopGo
Users that are interested in ChopChopGo are comparing it to the libraries listed below
Sorting:
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆324May 1, 2025Updated 10 months ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆646Nov 7, 2025Updated 4 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆697Oct 22, 2025Updated 4 months ago
- Capture. Detonate. Collect☆14Sep 20, 2024Updated last year
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It …☆1,249Feb 25, 2026Updated last week
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,037Feb 24, 2026Updated last week
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆82Jun 28, 2023Updated 2 years ago
- Bash tool used for proactive detection of malicious activity on macOS systems.☆39Sep 29, 2025Updated 5 months ago
- Initial triage of Windows Event logs☆106Jun 16, 2024Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆786Feb 22, 2026Updated last week
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- Documentation and scripts to properly enable Windows event logs.☆672Oct 3, 2025Updated 5 months ago
- ESXi Cyber Security Incident Response Script☆25Sep 4, 2024Updated last year
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆253Oct 29, 2025Updated 4 months ago
- APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …☆1,402Nov 7, 2024Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.☆158Nov 30, 2021Updated 4 years ago
- WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)☆779Feb 3, 2023Updated 3 years ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆168Dec 7, 2025Updated 2 months ago
- A simple command line program to help defender test their detections for network beacon patterns and domain fronting☆70Feb 3, 2022Updated 4 years ago
- This repository serves as a place for community created Targets and Modules for use with KAPE.☆817Feb 26, 2026Updated last week
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- CLI tools for forensic investigation of Windows artifacts☆349Jul 21, 2025Updated 7 months ago
- Artifact collection tool for *nix systems☆212Mar 20, 2024Updated last year
- ☆215Dec 2, 2025Updated 3 months ago
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs☆757Feb 1, 2026Updated last month
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆804Jan 14, 2026Updated last month
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆18Sep 3, 2024Updated last year
- Vault of Windows Registry forensic artifacts☆28Nov 12, 2025Updated 3 months ago
- ☆21Nov 19, 2025Updated 3 months ago
- Transform Linux Audit logs for SIEM usage☆815Feb 27, 2026Updated last week
- Enhance your malware detection with WAF + YARA (WAFARAY)☆108Sep 29, 2022Updated 3 years ago
- ShellSweeping the evil.☆181Nov 25, 2024Updated last year
- Incident Response collection and processing scripts with automated reporting scripts☆321Jun 25, 2024Updated last year
- A collection of tools and detections for the Sliver C2 Frameworj☆132Apr 24, 2023Updated 2 years ago
- A ProcessMonitor visualization application written in rust.☆184Aug 6, 2023Updated 2 years ago
- Powershell module for VMWare vSphere forensics☆168Nov 8, 2024Updated last year