archanchoudhury / DFIR-Tools
This is the one-stop place where you can find almost all of the tools you need for DFIR.
☆85 · Mar 3, 2022 · Updated 3 years ago
Alternatives and similar repositories for DFIR-Tools
Users interested in DFIR-Tools are comparing it to the repositories listed below.
- Getting free cyber security resources has always been a challenge. Access Davy-Jones-Locker to get all that you might need to upskill yo… (☆62, Mar 22, 2021, updated 4 years ago)
- This repository gives the best possible strategies for hunting ransomware. (☆26, Aug 23, 2022, updated 3 years ago)
- This is the one-stop place where you can find several detection rules to help you kick-start your journey into SIEM and SOC work. (☆41, Jun 27, 2021, updated 4 years ago)
- Power-Forensics is the best friend of incident responders for performing IR and collecting evidence from Linux-based hosts. (☆12, Jun 2, 2023, updated 2 years ago)
- Helping incident responders hunt for potential persistence mechanisms on UNIX-based systems. (☆17, Oct 28, 2023, updated 2 years ago)
- High-level threat intelligence playbooks. (☆20, Mar 6, 2021, updated 4 years ago)
- A collection of useful tools worth using. (☆24, Sep 20, 2022, updated 3 years ago)
- Auto-scanning tool to help you while playing on HackTheBox, TryHackMe, etc. (☆19, May 19, 2023, updated 2 years ago)
- This repository discusses the Follina MSDT vulnerability from a defender's perspective. (☆38, Jun 2, 2022, updated 3 years ago)
- (☆65, Sep 18, 2025, updated 4 months ago)
- Jupyter Notebooks for Digital Forensics & Incident Response. (☆10, Nov 23, 2021, updated 4 years ago)
- Python tool for detecting subdomain takeover vulnerabilities by resolving CNAME records and checking for known error messages. It support… (☆15, Feb 2, 2025, updated last year)
- Volatility plugin to search for all Autostart Extensibility Points (ASEPs). (☆10, May 16, 2024, updated last year)
- (☆10, Apr 2, 2022, updated 3 years ago)
- This config file will automatically convert a temporary Windows Sandbox environment into a Flare VM for malware analysis. (☆11, Jan 3, 2025, updated last year)
- A library for fast parsing and import of the Windows Master File Table ($MFT) into Elasticsearch. (☆12, Jun 23, 2025, updated 7 months ago)
- Various commands, tools and techniques that you can use to examine live Windows systems for signs of compromise or for threat hunting. Can al… (☆14, Aug 15, 2022, updated 3 years ago)
- Notes on responding to security breaches relating to Azure AD. (☆120, Mar 14, 2022, updated 3 years ago)
- DNS dashboard for hunting and identifying beaconing. (☆16, Jul 29, 2020, updated 5 years ago)
- Learn how to get more out of publicly available threat reports to help improve the security posture of your organization! TLP: White Thre… (☆15, Jun 5, 2023, updated 2 years ago)
- Scripts to integrate DFIR-IRIS, MISP and TimeSketch. (☆34, Feb 2, 2022, updated 4 years ago)
- IoT malware similarity analysis platform. (☆45, Jan 30, 2022, updated 4 years ago)
- eBPF-based EDR for Linux. (☆18, Aug 25, 2024, updated last year)
- macOS artifact intelligence tool. (☆13, Apr 30, 2019, updated 6 years ago)
- (☆33, Oct 25, 2021, updated 4 years ago)
- A ZAPROXY add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applica… (☆22, May 14, 2025, updated 9 months ago)
- Python bindings for https://github.com/omerbenamram/mft (☆23, Dec 23, 2025, updated last month)
- Library of threat hunts to get any user started! (☆48, Sep 4, 2020, updated 5 years ago)
- “Intelliroot Code Injection Hunter” is a tool that can help you identify injected malicious code. The tool can identify and extract po… (☆16, Sep 21, 2022, updated 3 years ago)
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging. (☆21, Nov 13, 2022, updated 3 years ago)
- Repository for different Windows DFIR-related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or event… (☆77, Jul 13, 2021, updated 4 years ago)
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db. (☆43, Jul 18, 2022, updated 3 years ago)
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base. (☆23, May 23, 2022, updated 3 years ago)
- Run Sigma detection rules on logs from the new macOS EndpointSecurity framework. (☆22, Jan 22, 2021, updated 5 years ago)
- The ultimate repository for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. (☆23, Aug 12, 2025, updated 6 months ago)
- Incident response scripts. (☆18, Mar 4, 2019, updated 6 years ago)
- Digital forensic analysis and incident response playbooks to handle real-world security incidents. (☆51, Apr 25, 2024, updated last year)
- Harness the power of Splunk for your investigations. (☆152, Oct 11, 2025, updated 4 months ago)
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. (☆134, Jan 31, 2022, updated 4 years ago)
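One of the entries above describes a DNS dashboard for hunting beaconing. The core signal such a hunt relies on is that a beaconing implant resolves the same name from the same host at near-constant intervals, so the spread of the gaps between queries is small relative to their mean. The following is an added example, not code from that repository or any other project listed here; it scores per-(client, name) query timing on a constructed DNS query log (the `timestamp client qname` line format is an assumption for the example, not a real log format) and tolerates the small jitter a real beacon adds to its sleep.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample DNS query log (not captured from a real network).
# Assumed line format: "<ISO timestamp> <client IP> <queried name>".
# 10.0.0.5 beacons exactly every 60 s, 10.0.0.9 beacons every ~60 s with
# a few seconds of jitter, 10.0.0.7 is a user browsing irregularly.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:00:01 10.0.0.7 www.example.org
2024-05-01T10:01:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:02:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:02:17 10.0.0.7 www.example.org
2024-05-01T10:03:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:04:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:05:00 10.0.0.5 update.example-cdn.net
2024-05-01T10:09:12 10.0.0.7 www.example.org
2024-05-01T10:09:20 10.0.0.7 www.example.org
2024-05-01T10:10:00 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:10:58 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:12:01 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:13:01 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:13:58 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:15:00 10.0.0.9 sync.example-telemetry.com
2024-05-01T10:30:05 10.0.0.7 www.example.org
"""


def parse_dns_log(text):
    """Group query timestamps by (client, normalised qname)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        key = (client, qname.lower().rstrip("."))
        events[key].append(datetime.fromisoformat(ts))
    return events


def interval_stats(times):
    """Return (mean, population std dev, deltas) of the gaps between
    consecutive queries, in seconds."""
    times = sorted(times)
    deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return mean(deltas), pstdev(deltas), deltas


def score_beacons(events, min_queries=5, max_cv=0.10):
    """Flag (client, qname) pairs whose query spacing is suspiciously regular.

    The coefficient of variation (std dev / mean) is ~0 for a fixed-period
    beacon and stays small when the implant adds jitter, which is why CV
    is used rather than matching an exact period. Pairs with fewer than
    min_queries queries are skipped so a handful of lookups cannot score.
    """
    findings = []
    for (client, qname), times in events.items():
        if len(times) < min_queries:
            continue
        mu, sigma, _deltas = interval_stats(times)
        if mu <= 0:
            continue
        cv = sigma / mu
        if cv <= max_cv:
            findings.append({
                "client": client,
                "qname": qname,
                "queries": len(times),
                "mean_interval_s": mu,
                "cv": cv,
            })
    # Most regular first.
    return sorted(findings, key=lambda f: f["cv"])


def hunt(text=SAMPLE_DNS_LOG):
    """Run the full hunt over a log text and return the ranked findings."""
    return score_beacons(parse_dns_log(text))


if __name__ == "__main__":
    for f in hunt():
        print(f"{f['client']} -> {f['qname']}: {f['queries']} queries, "
              f"mean {f['mean_interval_s']:.1f}s, cv {f['cv']:.3f}")
```

On the constructed log this flags 10.0.0.5 (cv 0.000) and 10.0.0.9 (cv 0.038) and ignores 10.0.0.7, whose gaps range from 8 s to over 20 minutes. In practice tune `min_queries` and `max_cv` against a baseline window, and expect legitimate periodic traffic (update checks, monitoring agents) to show up too; the regularity score is a triage signal, not a verdict.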