Hunt malware with Volatility
☆49Mar 3, 2026Updated 2 weeks ago
Alternatives and similar repositories for malhunt
Users that are interested in malhunt are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Automagically extract forensic timeline from volatile memory dump☆133Mar 5, 2026Updated 2 weeks ago
- A python script developed to process Windows memory images based on triage type.☆266Nov 25, 2023Updated 2 years ago
- Carve $MFT records from a chunk of data (for instance a memory dump)☆16Aug 21, 2016Updated 9 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…☆15Aug 15, 2022Updated 3 years ago
- A script to assist in processing forensic RAM captures for malware triage☆26Feb 4, 2021Updated 5 years ago
- CTI-URLScan is a command line tool to enable analysts to search URLscan.io submissions. Pull screenshot and DOM content. As well as, auto…☆11Mar 2, 2021Updated 5 years ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆42Apr 23, 2020Updated 5 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- Scripts, Yara rules and other files developed during malware investigations☆27Aug 19, 2022Updated 3 years ago
- MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.☆20Feb 20, 2020Updated 6 years ago
- CSIRT Jump Bag☆27Apr 25, 2024Updated last year
- Automated forensics written in PowerShell☆34Sep 29, 2019Updated 6 years ago
- A modern Python-3-based alternative to RegRipper☆208Mar 31, 2025Updated 11 months ago
- ☆17Apr 13, 2018Updated 7 years ago
- This project is aimed at freely providing technical guides on various hacking topics: Active Directory services, web services, servers, i…☆15Sep 18, 2020Updated 5 years ago
- Attempt to replicate the functions of auto_rip by Corey Harrell in Python.☆12Aug 4, 2024Updated last year
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Nov 19, 2021Updated 4 years ago
- Decode security descriptors in $Secure on NTFS☆22Feb 24, 2022Updated 4 years ago
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆107Mar 12, 2026Updated last week
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.☆21Mar 12, 2019Updated 7 years ago
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)☆68Sep 13, 2023Updated 2 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆118Nov 28, 2023Updated 2 years ago
- An NTFS/FAT parser for digital forensics & incident response☆224Oct 31, 2025Updated 4 months ago
- Recover EXT filesystem info from carved directory blocks☆19Jun 23, 2017Updated 8 years ago
- An advanced parser for INDX records☆29Aug 7, 2019Updated 6 years ago
- Incident Response collection and processing scripts with automated reporting scripts☆323Jun 25, 2024Updated last year
- Modular command-line threat hunting tool & framework.☆17Jul 20, 2020Updated 5 years ago
- RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShel…☆19Mar 12, 2020Updated 6 years ago
- Scripts developed to help in mobile forensics investigations☆10Jul 4, 2017Updated 8 years ago
- Learn about a network from a pcap file or reading from an interface☆29Apr 6, 2024Updated last year
- Grepify the GUI Regex Text Scanner for Code Reviewers☆23Apr 15, 2013Updated 12 years ago
- ☆22Dec 22, 2020Updated 5 years ago
- Library for Windows XML Event Log (EVTX) data types☆18Dec 17, 2025Updated 3 months ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆89Aug 29, 2023Updated 2 years ago
- OpenHIPS prevents exploitation of Windows systems☆35Jan 7, 2013Updated 13 years ago