Some important DFIR Resources
☆84Mar 16, 2023Updated 3 years ago
Alternatives and similar repositories for DFIR-Resources
Users that are interested in DFIR-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Case_Notes.py is a cross-platform (Windows, macOS, & Linux) python script to help make the documentation process easier.☆26Jun 24, 2023Updated 2 years ago
- Vault of Windows Registry forensic artifacts☆28Nov 12, 2025Updated 4 months ago
- CarbonBlack EDR detection rules and response actions☆73Sep 10, 2024Updated last year
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…☆648Nov 7, 2025Updated 4 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Mar 12, 2026Updated 2 weeks ago
- Windows Forensics Salt States☆21Mar 18, 2026Updated last week
- Linux Baseline and Forensic Triage Tool - BETA☆58Mar 10, 2026Updated 2 weeks ago
- This free tool parses Google Takeout Location History Exports or Google Semantic Location History Warrant Return Data in a forensic manne…☆40Sep 26, 2025Updated 6 months ago
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆89Feb 9, 2025Updated last year
- Practical Windows Forensics Training☆755Feb 16, 2026Updated last month
- Repository resource for threat hunter☆158Sep 14, 2018Updated 7 years ago
- Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.☆22Jan 5, 2025Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- A GeoIP lookup utility utilizing ipinfo.io services.☆30Dec 1, 2023Updated 2 years ago
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆77Jul 13, 2021Updated 4 years ago
- Collection of Event ID ressources useful for Digital Forensics and Incident Response☆644Jun 19, 2024Updated last year
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 11 months ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆226Oct 26, 2025Updated 5 months ago
- A collection of powershell scripts that are designed to be ran from a Microsoft Defender for Endpoint Live Response terminal, utilizing o…☆12Apr 26, 2023Updated 2 years ago
- Random notes collected on the intertubes relating to DFIR☆36Jun 26, 2023Updated 2 years ago
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆549Sep 2, 2022Updated 3 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Collection of walkthroughs on various threat hunting techniques☆76Aug 3, 2020Updated 5 years ago
- ☆33Oct 25, 2021Updated 4 years ago
- A curated list of KAPE-related resources☆184May 1, 2025Updated 10 months ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365☆790Oct 29, 2022Updated 3 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆44Jul 18, 2022Updated 3 years ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.☆776Mar 3, 2026Updated 3 weeks ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- NordVPN Threat Protection Pro™ • AdTake your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
- ☆18Mar 26, 2024Updated 2 years ago
- ☆24Mar 12, 2025Updated last year
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆18Apr 30, 2025Updated 10 months ago
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …☆454Feb 18, 2026Updated last month
- An exercise to practice deobfuscating PowerShell Scripts.☆26Feb 10, 2023Updated 3 years ago
- Microsoft Azure scripts☆14Dec 29, 2024Updated last year