Repository for sharing examples of our artifacts data and for use in new analyst recruitment.
☆110 · Apr 22, 2025 · Updated last year
Alternatives and similar repositories for DFIR-Artifacts
Users who are interested in DFIR-Artifacts are comparing it to the repositories listed below.
- Collection of scripts to automate the Malware Analysis process ☆33 · Oct 27, 2025 · Updated 6 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆479 · Oct 29, 2025 · Updated 6 months ago
- Repository to track community hardware, data and funding. ☆12 · Apr 8, 2022 · Updated 4 years ago
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… ☆45 · Oct 10, 2024 · Updated last year
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11. ☆27 · Jul 27, 2022 · Updated 3 years ago
- Repository for write-ups of Sofia Santos' OSINT exercises ☆18 · Sep 29, 2025 · Updated 7 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆281 · Dec 20, 2025 · Updated 4 months ago
- The backend server handling API requests and task management ☆62 · Apr 17, 2026 · Updated last week
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆54 · Apr 22, 2025 · Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Cobalt Strike is threat emulation software. Red teams and penetration testers use Cobalt Strike to demonstrate the risk of a breach and e… ☆16 · Oct 13, 2022 · Updated 3 years ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. ☆38 · Mar 25, 2024 · Updated 2 years ago
- Resources I've found useful for my CTI work ☆12 · Dec 27, 2023 · Updated 2 years ago
- External telegram feeder for AIL framework ☆19 · Jan 21, 2026 · Updated 3 months ago
- Mapping of open-source detection rules and atomic tests. ☆208 · Feb 16, 2026 · Updated 2 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … ☆466 · Feb 18, 2026 · Updated 2 months ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,948 · Updated this week
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆706 · Apr 21, 2026 · Updated last week
- DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital For… ☆460 · Nov 28, 2025 · Updated 5 months ago
- Awesome Security lists for SOC/CERT/CTI ☆1,430 · Updated this week
- RedAudit is a next-generation Windows forensic and security assessment framework featuring a live cyber-operations GUI built for real inv… ☆35 · Nov 15, 2025 · Updated 5 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆118 · Oct 29, 2024 · Updated last year
- The SOLVE-IT knowledge base for digital forensics ☆78 · Updated this week
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated 2 months ago
- Convert Sigma rules to SIEM queries, directly in your browser. ☆114 · Apr 18, 2026 · Updated last week
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆654 · Aug 4, 2025 · Updated 8 months ago
- An introduction to detection engineering ☆14 · Jan 3, 2025 · Updated last year
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆475 · Aug 13, 2024 · Updated last year
- Repository created to share information about tactics, techniques and procedures used by threat actors. Initially with ransomware groups … ☆403 · Jan 29, 2026 · Updated 3 months ago
- An Ansible role that installs the Adaptix C2 server and/or client on Debian-based hosts ☆176 · May 28, 2025 · Updated 11 months ago
- Welcome to the Just another Kusto hacker ("JAKH") contest! ☆54 · Jun 6, 2025 · Updated 10 months ago
- A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV outp… ☆320 · Feb 26, 2026 · Updated 2 months ago
- Capture. Detonate. Collect ☆14 · Sep 20, 2024 · Updated last year
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h… ☆14 · Jun 21, 2024 · Updated last year
- Tracking and documenting monthly insights about hacktivist coalitions. ☆23 · Sep 14, 2025 · Updated 7 months ago
- Automated security investigation tool using Microsoft MCP Servers, GitHub Copilot, Python Modules and custom copilot-instructions. ☆187 · Apr 22, 2026 · Updated last week
- Parser for Sdba memory pool tags ☆21 · Jul 16, 2021 · Updated 4 years ago