bcarrier / awesome-incident-responseLinks
A curated list of tools for incident response
☆14Updated last year
Alternatives and similar repositories for awesome-incident-response
Users that are interested in awesome-incident-response are comparing it to the libraries listed below
Sorting:
- Information about the open-source-dfir slack community☆30Updated 2 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆58Updated 4 months ago
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆28Updated 2 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆42Updated 3 years ago
- An advanced parser for INDX records☆28Updated 6 years ago
- A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources t…☆54Updated 3 years ago
- Hunt malware with Volatility☆47Updated 4 months ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises.☆29Updated 10 months ago
- Automagically extract forensic timeline from volatile memory dump☆132Updated last year
- Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs☆96Updated 4 years ago
- My Jupyter Notebooks☆36Updated 8 months ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆45Updated 3 years ago
- Crowdstrike response script containing various functions for IR/triage☆12Updated 4 years ago
- Open source training materials for law-enforcement and organisations interested in DFIR.☆61Updated 5 months ago
- Random notes collected on the intertubes relating to DFIR☆34Updated 2 years ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆126Updated 3 years ago
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.☆21Updated 4 years ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆84Updated 2 years ago
- Software downloads☆109Updated 6 months ago
- It is based on bulk_extractor (https://github.com/simsong/bulk_extractor) and add scanners for record carving☆41Updated 5 years ago
- ☆55Updated 4 months ago
- ☆39Updated 6 years ago
- ☆33Updated 4 years ago
- Digital Forensics Artifacts Knowledge Base☆88Updated last month
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆17Updated last year
- A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.☆104Updated 2 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆28Updated 3 months ago
- ☆88Updated 3 months ago
- Quick script to build host or investigation timelines using Carbon Black Response☆12Updated 7 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆32Updated 2 years ago