abdulshareef/DFIR-Resources external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

abdulshareef/DFIR-Resources

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/abdulshareef/DFIR-Resources)

Close

abdulshareef / DFIR-ResourcesView on GitHubMore

• External links
• Readme badge

Some important DFIR Resources

☆84Mar 16, 2023Updated 2 years ago

Alternatives and similar repositories for DFIR-Resources

Users that are interested in DFIR-Resources are comparing it to the libraries listed below

• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• AndrewRathbun / DFIRRegex

  View on GitHub
  A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
  ☆107Nov 23, 2022Updated 3 years ago
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool

  View on GitHub
  Linux Baseline and Forensic Triage Tool - BETA
  ☆57Sep 8, 2022Updated 3 years ago
• jgasmussen / Case_Notes.py

  View on GitHub
  Case_Notes.py is a cross-platform (Windows, macOS, & Linux) python script to help make the documentation process easier.
  ☆26Jun 24, 2023Updated 2 years ago
• AndrewRathbun / DFIRArtifactMuseum

  View on GitHub
  The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…
  ☆646Nov 7, 2025Updated 4 months ago
• SoulSec / resource-threat-hunting

  View on GitHub
  Repository resource for threat hunter
  ☆158Sep 14, 2018Updated 7 years ago
• Sam0x90 / CB-Threat-Hunting

  View on GitHub
  CarbonBlack EDR detection rules and response actions
  ☆73Sep 10, 2024Updated last year
• dlcowen / sansfor509

  View on GitHub
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆222Oct 26, 2025Updated 4 months ago
• RegSeek / regseek.github.io

  View on GitHub
  Vault of Windows Registry forensic artifacts
  ☆28Nov 12, 2025Updated 3 months ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• keydet89 / Events-Ripper

  View on GitHub
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆89Feb 9, 2025Updated last year
• 13Cubed / SharpAbeebus

  View on GitHub
  A GeoIP lookup utility utilizing ipinfo.io services.
  ☆30Dec 1, 2023Updated 2 years ago
• digitalsleuth / winfor-salt

  View on GitHub
  Windows Forensics Salt States
  ☆21Feb 23, 2026Updated last week
• bluecapesecurity / PWF

  View on GitHub
  Practical Windows Forensics Training
  ☆749Feb 16, 2026Updated 2 weeks ago
• MetadataForensics / Google-Location-History-Takeout-Parser

  View on GitHub
  This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manne…
  ☆40Sep 26, 2025Updated 5 months ago
• activecm / threat-hunting-labs

  View on GitHub
  Collection of walkthroughs on various threat hunting techniques
  ☆76Aug 3, 2020Updated 5 years ago
• isherwood-sec / detection-engineering

  View on GitHub
  ☆60Feb 27, 2026Updated last week
• stuhli / awesome-event-ids

  View on GitHub
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆644Jun 19, 2024Updated last year
• ashemery / WindowsDFIR

  View on GitHub
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆77Jul 13, 2021Updated 4 years ago
• SecurityAura / Aura-Research

  View on GitHub
  Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.
  ☆22Jan 5, 2025Updated last year
• AtomicGaryBusey / AzureForensics

  View on GitHub
  ☆33Oct 25, 2021Updated 4 years ago
• jkerai1 / KQL-Queries

  View on GitHub
  KQL Queries
  ☆33Feb 17, 2026Updated 2 weeks ago
• mattnotmax / DFIR-notes

  View on GitHub
  Random notes collected on the intertubes relating to DFIR
  ☆35Jun 26, 2023Updated 2 years ago
• TazWake / Public

  View on GitHub
  Collection of scripts provided for public use
  ☆39Feb 4, 2026Updated last month
• CyberCX-DFIR / usnjrnl_rewind

  View on GitHub
  USN Journal full path builder
  ☆66Sep 16, 2024Updated last year
• RxXwx3x / OSWE

  View on GitHub
  ☆20Sep 2, 2021Updated 4 years ago
• SAP-archive / forensic-artifact-automation

  View on GitHub
  A collection of powershell scripts that are designed to be ran from a Microsoft Defender for Endpoint Live Response terminal, utilizing o…
  ☆12Apr 26, 2023Updated 2 years ago
• EmissarySpider / ransomware-descendants

  View on GitHub
  A repository dedicated to tracking ransomware families based on leaked builders.
  ☆22Apr 17, 2024Updated last year
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated 11 months ago
• invictus-ir / Microsoft-Extractor-Suite

  View on GitHub
  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
  ☆771Updated this week
• chocolatecoat / DFIR-Templates

  View on GitHub
  Incident Response documents and tooling
  ☆113Dec 23, 2025Updated 2 months ago
• AndrewRathbun / EventTranscript.db-Research

  View on GitHub
  A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  ☆43Jul 18, 2022Updated 3 years ago
• svch0stz / TheThreatHuntLibrary

  View on GitHub
  Library of threat hunts to get any user started!
  ☆50Sep 4, 2020Updated 5 years ago
• cyb3rmik3 / MDE-DFIR-Resources

  View on GitHub
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆432Feb 18, 2026Updated 2 weeks ago
• AbdulRhmanAlfaifi / Rhaegal

  View on GitHub
  Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…
  ☆42Sep 21, 2023Updated 2 years ago
• RAB301000001C3 / PCAPEXTRACT

  View on GitHub
  Packet Analysis on Steroids
  ☆13Oct 20, 2022Updated 3 years ago
• lukemurraynz / Azure

  View on GitHub
  Microsoft Azure scripts
  ☆14Dec 29, 2024Updated last year
• da3n3rys / DFIR-Notebooks

  View on GitHub
  Jupyter Notebooks for Digital Forensics & Incident Response
  ☆10Nov 23, 2021Updated 4 years ago
• StupidBird-Code / Malware_Analysize-Tools

  View on GitHub
  Here are some tools I developed to help analyze malware
  ☆11Nov 8, 2023Updated 2 years ago