Some important DFIR Resources
☆84 · Mar 16, 2023 · Updated 3 years ago
Alternatives and similar repositories for DFIR-Resources
Users that are interested in DFIR-Resources are comparing it to the libraries listed below.
- Forensic cheatsheets for use with cheat (☆15 · Dec 2, 2021 · Updated 4 years ago)
- Case_Notes.py is a cross-platform (Windows, macOS, & Linux) Python script to help make the documentation process easier. (☆26 · Jun 24, 2023 · Updated 2 years ago)
- Vault of Windows Registry forensic artifacts (☆30 · Nov 12, 2025 · Updated 5 months ago)
- CarbonBlack EDR detection rules and response actions (☆73 · Sep 10, 2024 · Updated last year)
- The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifa… (☆650 · Nov 7, 2025 · Updated 6 months ago)
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. (☆108 · Mar 12, 2026 · Updated last month)
- Windows Forensics Salt States (☆22 · Apr 25, 2026 · Updated last week)
- Linux Baseline and Forensic Triage Tool - BETA (☆59 · Mar 10, 2026 · Updated last month)
- This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manne… (☆40 · Sep 26, 2025 · Updated 7 months ago)
- Just Another broken Registry Parser (JARP) (☆16 · May 23, 2024 · Updated last year)
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file (☆89 · Feb 9, 2025 · Updated last year)
- Practical Windows Forensics Training (☆763 · Feb 16, 2026 · Updated 2 months ago)
- Repository resource for threat hunter (☆159 · Sep 14, 2018 · Updated 7 years ago)
- Repo that holds write-ups of various research projects I did and/or overall InfoSec things I investigated/researched. (☆22 · Jan 5, 2025 · Updated last year)
- A GeoIP lookup utility utilizing ipinfo.io services. (☆30 · Dec 1, 2023 · Updated 2 years ago)
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event… (☆77 · Jul 13, 2021 · Updated 4 years ago)
- Collection of Event ID resources useful for Digital Forensics and Incident Response (☆647 · Jun 19, 2024 · Updated last year)
- my MSTICpy practice and custom tools repository (☆11 · Apr 23, 2025 · Updated last year)
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆229 · Oct 26, 2025 · Updated 6 months ago)
- A collection of PowerShell scripts that are designed to be run from a Microsoft Defender for Endpoint Live Response terminal, utilizing o… (☆12 · Apr 26, 2023 · Updated 3 years ago)
- Random notes collected on the intertubes relating to DFIR (☆36 · Jun 26, 2023 · Updated 2 years ago)
- A repository of DFIR-related Mind Maps geared towards the visual learners! (☆551 · Sep 2, 2022 · Updated 3 years ago)
- Hundred Days of Yara Challenge (☆12 · Jun 21, 2022 · Updated 3 years ago)
- ☆33 · Oct 25, 2021 · Updated 4 years ago
- Collection of walkthroughs on various threat hunting techniques (☆77 · Aug 3, 2020 · Updated 5 years ago)
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) (☆69 · Sep 13, 2023 · Updated 2 years ago)
- A curated list of KAPE-related resources (☆186 · May 1, 2025 · Updated last year)
- A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365 (☆789 · Oct 29, 2022 · Updated 3 years ago)
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db. (☆43 · Jul 18, 2022 · Updated 3 years ago)
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. (☆796 · Apr 23, 2026 · Updated 2 weeks ago)
- NTFS Security Descriptor Stream ($Secure:$SDS) parser (☆14 · Jan 9, 2023 · Updated 3 years ago)
- ☆36 · Jan 11, 2023 · Updated 3 years ago
- ☆18 · Mar 26, 2024 · Updated 2 years ago
- ☆24 · Mar 12, 2025 · Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps. (☆18 · Apr 30, 2025 · Updated last year)
- Library of threat hunts to get any user started! (☆50 · Sep 4, 2020 · Updated 5 years ago)
- An exercise to practice deobfuscating PowerShell Scripts. (☆26 · Feb 10, 2023 · Updated 3 years ago)
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as … (☆468 · Feb 18, 2026 · Updated 2 months ago)
- Microsoft Azure scripts (☆14 · Dec 29, 2024 · Updated last year)