A quick reference guide for python script development in DFIR
☆17Mar 20, 2024Updated 2 years ago
Alternatives and similar repositories for python-forensics-handbook
Users that are interested in python-forensics-handbook are comparing it to the libraries listed below
Sorting:
- Automatic, fast parsing of browser artifacts☆17Jan 4, 2025Updated last year
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h…☆14Jun 21, 2024Updated last year
- This is to edit a training forensic image file (raw/dd) and zero out all the unnecessary files.☆11Jun 21, 2025Updated 9 months ago
- introduction to distributed scanning using vultr☆10Apr 29, 2017Updated 8 years ago
- SIEM Detection Use Case Library mapped to MITRE ATT&CK tactics and techniques☆12Oct 28, 2018Updated 7 years ago
- Jupyter Notebooks for Digital Forensics & Incident Response☆10Nov 23, 2021Updated 4 years ago
- Web app built to allow digital forensic professionals to search for the forensic tools that will parse artifacts from various apps.☆18Apr 30, 2025Updated 10 months ago
- Script to process PDF files☆21May 23, 2025Updated 9 months ago
- A project designed to make the operationalization of open-source cyber threat intelligence more efficient.☆17Updated this week
- A hex viewer for the sleuths!☆20Nov 7, 2025Updated 4 months ago
- This repo is all about Blue teamming and CyberDefenders Write-up for their DFIR challenges☆18Nov 5, 2023Updated 2 years ago
- A collaboration effort by the DFIR community to provide definitions (sometimes multiple) for common forensic terms!☆26Dec 1, 2022Updated 3 years ago
- Collection of scripts and tools related to the eCTHPv2 exam by INE.☆19Jun 12, 2022Updated 3 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- Case_Notes.py is a cross-platform (Windows, macOS, & Linux) python script to help make the documentation process easier.☆26Jun 24, 2023Updated 2 years ago
- A guide to setting up Windows and MacOS the way I like it☆22Jun 25, 2025Updated 8 months ago
- Queries for Carbon Black Response☆11Feb 11, 2020Updated 6 years ago
- Repo to host a comprehensive list of all my Public Gists with a short description for each item and a link to the Gist pages in question.…☆15Apr 27, 2021Updated 4 years ago
- A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources t…☆55Jan 3, 2022Updated 4 years ago
- A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!☆25Jan 8, 2026Updated 2 months ago
- Some of the lab files for the SANS Institute course SEC505: Securing Windows and PowerShell Automation: https://sans.org/sec505☆18Jun 8, 2017Updated 8 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆15Jul 23, 2020Updated 5 years ago
- Command and Control Framework☆13Mar 23, 2024Updated last year
- Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.☆44Oct 25, 2024Updated last year
- ReWrite of AChoir in Go for Cross Platform forensic artifact collection and processing☆41Feb 28, 2026Updated 3 weeks ago
- a GUI Interface for DFIR Open Source Tools☆10Jun 16, 2015Updated 10 years ago
- macOS Artifacts☆33Mar 2, 2025Updated last year
- Offsec PWB Lab Tools☆13Nov 14, 2013Updated 12 years ago
- Some dfir stuff☆31Jan 12, 2022Updated 4 years ago
- Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersec…☆15Jul 19, 2025Updated 8 months ago
- dcfldd - enhanced version of dd for forensics and security☆71Jun 17, 2018Updated 7 years ago
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.☆32Jan 1, 2020Updated 6 years ago
- A simple trap for web crawlers☆12Aug 2, 2023Updated 2 years ago
- A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life …☆39Jan 6, 2025Updated last year
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses.☆21Sep 30, 2022Updated 3 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆44Jul 18, 2022Updated 3 years ago
- Search an entire directory of .eml email files for a word or phrase... in over 100 languages.☆12Feb 28, 2023Updated 3 years ago
- Windows.EDB Browser☆60Mar 6, 2023Updated 3 years ago
- An ocrmypdf front-end / batch job designer☆17Sep 1, 2023Updated 2 years ago