This is the One Stop place where you can find almost all of your Tools of Requirements in DFIR
☆84Mar 3, 2022Updated 4 years ago
Alternatives and similar repositories for DFIR-Tools
Users that are interested in DFIR-Tools are comparing it to the libraries listed below
Sorting:
- Getting FREE Cyber Security Resources have been a challenge always. Access Davy-Jones-Locker to get all what you might need to upskill yo…☆62Mar 22, 2021Updated 4 years ago
- This Repository gives the best and possible strategies against hunting the ransomware☆26Aug 23, 2022Updated 3 years ago
- This is the One Stop place where you can several Detection Rules which can help you to kick start your journey on SIEM, SOC work.☆42Jun 27, 2021Updated 4 years ago
- Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.☆17Oct 28, 2023Updated 2 years ago
- High-level Threat Intelligence playbooks☆20Mar 6, 2021Updated 5 years ago
- All the useful tools interesting to be used☆24Sep 20, 2022Updated 3 years ago
- Auto scanning tool that will help you during playing on HackTheBox, TryHackMe...etc☆19May 19, 2023Updated 2 years ago
- This Repository Talks about the Follina MSDT from Defender Perspective☆38Jun 2, 2022Updated 3 years ago
- ☆65Sep 18, 2025Updated 5 months ago
- Python tool for detecting subdomain takeover vulnerabilities by resolving CNAME records and checking for known error messages. It support…☆15Feb 2, 2025Updated last year
- ☆10Apr 2, 2022Updated 3 years ago
- Jupyter Notebooks for Digital Forensics & Incident Response☆10Nov 23, 2021Updated 4 years ago
- This config file will automatically convert a temporary Windows Sandbox environment into a Flare VM for malware analysis.☆11Jan 3, 2025Updated last year
- Volatility plugin to search for all Autostart Extensibility Points (AESPs)☆10May 16, 2024Updated last year
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…☆14Aug 15, 2022Updated 3 years ago
- Notes on responding to security breaches relating to Azure AD☆121Mar 14, 2022Updated 3 years ago
- Information about the open-source-dfir slack community☆30Jun 17, 2023Updated 2 years ago
- Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Thre…☆15Jun 5, 2023Updated 2 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 4 months ago
- DNS Dashboard for hunting and identifying beaconing☆16Jul 29, 2020Updated 5 years ago
- Field guide to gather low-hanging fruits☆14Mar 20, 2025Updated 11 months ago
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch☆35Feb 2, 2022Updated 4 years ago
- IoT Malware Similarity Analysis Platform☆45Jan 30, 2022Updated 4 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility☆38Jul 18, 2024Updated last year
- macOS Artifact Intelligence Tool☆13Apr 30, 2019Updated 6 years ago
- ☆33Oct 25, 2021Updated 4 years ago
- Penguin OS Forensic (or Flight) Recorder☆40Dec 25, 2024Updated last year
- A ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applica…☆22May 14, 2025Updated 9 months ago
- Python bindings for https://github.com/omerbenamram/mft☆23Dec 23, 2025Updated 2 months ago
- Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external d…☆69Updated this week
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Nov 13, 2022Updated 3 years ago
- “Intelliroot Code Injection Hunter” is a tool that can to help you identify injected malicious code. The tool can identify and extract po…☆16Sep 21, 2022Updated 3 years ago
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆77Jul 13, 2021Updated 4 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆43Jul 18, 2022Updated 3 years ago
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23May 23, 2022Updated 3 years ago
- The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.☆24Aug 12, 2025Updated 6 months ago
- incident response scripts☆18Mar 4, 2019Updated 7 years ago