SAP-archive/forensic-artifact-automation external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SAP-archive/forensic-artifact-automation

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SAP-archive/forensic-artifact-automation)

Close

SAP-archive / forensic-artifact-automationView on GitHubMore

• External links
• Readme badge

A collection of powershell scripts that are designed to be ran from a Microsoft Defender for Endpoint Live Response terminal, utilizing open-source tools, such as Kape (Kroll Artifact Parser and Extractor), to forensically acquire and process necessary artifact used in compromise assessments. Additional scripts provide pre-processing automation…

☆12Apr 26, 2023Updated 2 years ago

Alternatives and similar repositories for forensic-artifact-automation

Users that are interested in forensic-artifact-automation are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• dwmetz / Axiom-PowerShell

  View on GitHub
  PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
  ☆12Aug 26, 2024Updated last year
• dwmetz / Mal-Hash

  View on GitHub
  This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.
  ☆15Jul 13, 2023Updated 2 years ago
• vsevolobo / Magic-IP-s-for-free-mobile-internet

  View on GitHub
  ☆12Dec 12, 2022Updated 3 years ago
• n1ght-w0lf / pe-unmapper

  View on GitHub
  A small tool to unmap PE memory dumps.
  ☆11Nov 9, 2023Updated 2 years ago
• Intrinsec / mplog_parser

  View on GitHub
  This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.
  ☆21Sep 30, 2022Updated 3 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• jschicht / StegoMft

  View on GitHub
  PoC for hiding data within $MFT
  ☆12Aug 14, 2014Updated 11 years ago
• MichalMotylinski / DiscFor-Discord-Artefact-Extraction-Tool

  View on GitHub
  Digital Artefact Extraction Tool for Discord Application
  ☆12Apr 13, 2023Updated 3 years ago
• yukselberkay / pmanager

  View on GitHub
  Store and retrieve your passwords from a secure offline database. Check if your passwords has leaked previously to prevent targeted passw…
  ☆33Mar 4, 2023Updated 3 years ago
• blackhatethicalhacking / KeeThief

  View on GitHub
  Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.
  ☆11Apr 2, 2022Updated 4 years ago
• dwmetz / detonaRE

  View on GitHub
  Capture. Detonate. Collect
  ☆14Sep 20, 2024Updated last year
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• reuteras / dfirws

  View on GitHub
  Do DFIR work in a Windows Sandbox
  ☆21Updated this week
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• iandday / o365AuditParser

  View on GitHub
  Microsoft Office365 Protection Center Audit Log Parser
  ☆27Jul 17, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• cyb3rint3l-labs / ServerSecurityAudit

  View on GitHub
  PowerShell-based Windows Server Security Audit Engine by Cyb3rint3l Labs. Measures alignment with the NIS2 directive and maps findings to…
  ☆42Feb 1, 2026Updated 2 months ago
• elceef / yara-rulz

  View on GitHub
  Collection of generic YARA rules
  ☆16Mar 18, 2026Updated last month
• NetSec-Focus / netsec-focus.learningresources

  View on GitHub
  ☆14Aug 13, 2019Updated 6 years ago
• gregcmartin / villager

  View on GitHub
  Reverse engineered the villager pypi package to github repo for analysis
  ☆26Sep 20, 2025Updated 6 months ago
• RegSeek / regseek.github.io

  View on GitHub
  Vault of Windows Registry forensic artifacts
  ☆30Nov 12, 2025Updated 5 months ago
• alpine-sec / SPECTR3

  View on GitHub
  Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.
  ☆44Oct 25, 2024Updated last year
• onlyphantom / coronavirus

  View on GitHub
  A Shiny Web App tutorial inspecting the COVID-19 (2019-nCoV) epidemic, data from https://github.com/CSSEGISandData/COVID-19/tree/master/c…
  ☆10Apr 18, 2020Updated 6 years ago
• blackhatethicalhacking / pixload

  View on GitHub
  Image Payload Creating/Injecting tools
  ☆13Jun 6, 2021Updated 4 years ago
• fatalxs / oscp-cheatsheet

  View on GitHub
  A cheatsheet I made while taking OSCP+/PEN-200 in 2024-2025
  ☆38Apr 1, 2025Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Forensics-Lab / ReadFS

  View on GitHub
  A tool designed to extract data from a logical ReFS 3.4 forensic image produced by FTK Imager
  ☆16Nov 22, 2023Updated 2 years ago
• Adepts-Of-0xCC / SnoopyOwl

  View on GitHub
  ☆49May 12, 2021Updated 4 years ago
• AmirHoseinTangsiriNET / EventLogSilencer

  View on GitHub
  EventLogSilencer is a PowerShell script designed for disable Windows Event Logging
  ☆18Oct 28, 2023Updated 2 years ago
• intelliroot-tech / ProcessHuntingToolkit

  View on GitHub
  Process hunting Toolkit is toolkit capable of hunting down malicious processes on Windows
  ☆14Jan 31, 2025Updated last year
• jreppiks / CVE-2017-12149

  View on GitHub
  Jboss Java Deserialization RCE (CVE-2017-12149)
  ☆13Aug 22, 2019Updated 6 years ago
• dlcowen / sansfor509

  View on GitHub
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆227Oct 26, 2025Updated 5 months ago
• NorthwaveSecurity / lilo-pulse-secure-decrypt

  View on GitHub
  LILO based Pulse Secure appliance disk image decryptor
  ☆13Mar 20, 2024Updated 2 years ago
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆17Jan 29, 2026Updated 2 months ago
• SecurityAura / Aura-Research

  View on GitHub
  Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.
  ☆22Jan 5, 2025Updated last year
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• secure-cake / rapid-endpoint-investigations

  View on GitHub
  Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE
  ☆191Apr 1, 2026Updated 2 weeks ago
• edelucia / rules

  View on GitHub
  Cyber Threats Detection Rules
  ☆14Sep 16, 2025Updated 7 months ago
• billthefarmer / audiotools

  View on GitHub
  Automatically exported from code.google.com/p/audiotools
  ☆54Apr 12, 2023Updated 3 years ago
• 0xHasanM / regexplore

  View on GitHub
  Regexplore is a Volatility plugin designed to mimic the functionality of the Registry Explorer plugins in EZsuite
  ☆18Mar 31, 2023Updated 3 years ago
• WithSecureLabs / iocs

  View on GitHub
  ☆18Updated this week
• surya4n6 / dc29-btv-2021

  View on GitHub
  ☆15Aug 7, 2021Updated 4 years ago
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Aug 6, 2022Updated 3 years ago