The-DFIR-Report / DFIR-Artifacts
Repository for sharing examples of our artifacts data and for use in new analyst recruitment.
☆109 · Apr 22, 2025 · Updated 9 months ago
Alternatives and similar repositories for DFIR-Artifacts
Users interested in DFIR-Artifacts are comparing it to the repositories listed below.
- Collection of scripts to automate the Malware Analysis process ☆32 · Oct 27, 2025 · Updated 3 months ago
- Repository to track community hardware, data and funding. ☆12 · Apr 8, 2022 · Updated 3 years ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11. ☆27 · Jul 27, 2022 · Updated 3 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆457 · Oct 29, 2025 · Updated 3 months ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆277 · Dec 20, 2025 · Updated last month
- The backend server handling API requests and task management ☆55 · Updated this week
- ☆21 · May 8, 2022 · Updated 3 years ago
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS. ☆40 · Mar 25, 2024 · Updated last year
- Remote access and Antivirus Logging Database ☆45 · Apr 28, 2024 · Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year
- Inject RDPThief into memory with PowerShell. ☆65 · Jan 21, 2025 · Updated last year
- Awesome Security lists for SOC/CERT/CTI ☆1,247 · Updated this week
- Analyse MSI files for vulnerabilities ☆143 · Aug 30, 2024 · Updated last year
- The code in this repository, whose function is to extract the shellcode from the maldoc. ☆10 · Jul 17, 2023 · Updated 2 years ago
- Mapping of open-source detection rules and atomic tests. ☆195 · Feb 10, 2026 · Updated last week
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆52 · Apr 22, 2025 · Updated 9 months ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,924 · Jan 20, 2026 · Updated 3 weeks ago
- Repository created to share information about tactics, techniques and procedures used by threat actors. Initially with ransomware groups … ☆392 · Jan 29, 2026 · Updated 2 weeks ago
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated last week
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … ☆421 · Aug 10, 2025 · Updated 6 months ago
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… ☆42 · Oct 10, 2024 · Updated last year
- An open-source computer forensics tool that can display summary as the result of Windows Event Log analysis based on the chosen function(… ☆11 · Feb 2, 2023 · Updated 3 years ago
- Python CLI covering the FileScan.IO API - enabling automatic interaction with www.filescan.io or private instances ☆14 · Jul 15, 2025 · Updated 7 months ago
- A repo that contains a recursive dump from the ROOT key of every Windows Registry hive (using KAPE) from a vanilla (clean) install of eve… ☆54 · Oct 29, 2025 · Updated 3 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- ☆11 · Dec 9, 2025 · Updated 2 months ago
- RedAudit is a next-generation Windows forensic and security assessment framework featuring a live cyber-operations GUI built for real inv… ☆35 · Nov 15, 2025 · Updated 3 months ago
- Slide deck for DEF CON 30 - Red Team Village - Offensive Wireless Security presentation ☆13 · Aug 16, 2022 · Updated 3 years ago
- A password list optimized for use on Android devices. ☆11 · Jul 2, 2022 · Updated 3 years ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆694 · Oct 22, 2025 · Updated 3 months ago
- A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners ☆115 · Oct 29, 2024 · Updated last year
- Bash Script to extract GNU/Linux forensic artifacts for digital forensic analysis and incident response. ☆43 · Jul 5, 2023 · Updated 2 years ago
- DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital For… ☆426 · Nov 28, 2025 · Updated 2 months ago
- Awesome list of keywords and artifacts for Threat Hunting sessions ☆633 · Aug 4, 2025 · Updated 6 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆574 · Dec 6, 2025 · Updated 2 months ago
- Handbook of Windows forensic artifacts across multiple Windows versions with interpretation tips and some examples. Work in progress! ☆460 · Aug 13, 2024 · Updated last year
- Kudzu is a Go C2 platform with an emphasis on extensibility. ☆11 · Mar 30, 2021 · Updated 4 years ago
- Resources I've found useful for my CTI work ☆12 · Dec 27, 2023 · Updated 2 years ago