Remotely collect linux live forensics artifacts.
☆14Jul 8, 2022Updated 3 years ago
Alternatives and similar repositories for Remote-Linux-Triage-Collection-using-OSquery
Users that are interested in Remote-Linux-Triage-Collection-using-OSquery are comparing it to the libraries listed below
Sorting:
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- Parsers for common structures across windows formats.☆12Aug 23, 2023Updated 2 years ago
- Safe Rust API to libesedb☆12Sep 10, 2025Updated 5 months ago
- Generic Signature Format for SIEM Systems☆18Jul 25, 2023Updated 2 years ago
- ☆23Oct 9, 2024Updated last year
- Network detector for Winnti malware☆21Mar 6, 2018Updated 7 years ago
- Windows Thingies... but in Rust☆23Nov 12, 2022Updated 3 years ago
- Python bindings for https://github.com/omerbenamram/evtx/☆55Jan 3, 2026Updated last month
- lnk_parser is a full rust implementation to parse windows LNK files☆23Feb 17, 2026Updated last week
- Automatically exported from code.google.com/p/mac-osx-forensics☆28Jan 12, 2016Updated 10 years ago
- module for osquery to load Bro logs into tables☆28Apr 28, 2015Updated 10 years ago
- A Splunk Technology Add-on to forward filtered ETW events.☆30Oct 14, 2020Updated 5 years ago
- ☆28Jul 5, 2025Updated 7 months ago
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.☆32Jan 1, 2020Updated 6 years ago
- A document tagging library☆33Mar 27, 2025Updated 11 months ago
- Provide a shell like interface by utilizing osquery's distributed API☆82Jun 24, 2020Updated 5 years ago
- DotRat is a Telegram Rat which includes good features and non privileged persistence. Written in C#☆12Aug 14, 2023Updated 2 years ago
- Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')☆11May 16, 2017Updated 8 years ago
- Different DFIR and CTI utilities☆38May 13, 2020Updated 5 years ago
- Additional README's for XSOAR and XSOAR related things☆14Oct 4, 2023Updated 2 years ago
- Minimal C port of UTF8-CPP☆12Jun 2, 2019Updated 6 years ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- A clone of FD (File & Directory tool) by T.Shirai☆16Jan 29, 2014Updated 12 years ago
- My home server infrastructure as code☆16Updated this week
- macOS Endpoint Security Message Analysis Tool☆47Jan 31, 2022Updated 4 years ago
- Live forensic artifacts collector☆172Jul 5, 2024Updated last year
- Here are some tools I developed to help analyze malware☆11Nov 8, 2023Updated 2 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- event shipper for Carbon Black Defense notifications☆10Feb 25, 2023Updated 3 years ago
- emoji for golang☆10Aug 7, 2014Updated 11 years ago
- Implementation of Max Kellermann's exploit for CVE-2022-0847☆12Mar 8, 2022Updated 3 years ago
- My attempts at making life with VMware that little bit easier.☆11Aug 7, 2023Updated 2 years ago
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- Tagging and getting extended document informations on ownCloud☆18Jul 28, 2015Updated 10 years ago
- A password list optimized for use on Android devices.☆11Jul 2, 2022Updated 3 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆15Nov 6, 2017Updated 8 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago