This is a repository dedicated to the DFIR journey. It contains notes, reflections and links to tools.

☆107 · Jan 27, 2026 · Updated last month
Alternatives and similar repositories for DFIR
Users that are interested in DFIR are comparing it to the libraries listed below
- Most powerful batch obfuscator (☆47, Jan 2, 2023, updated 3 years ago)
- Digital Forensics and Incident Response notes and Autopsy tool walkthrough (☆11, Feb 3, 2022, updated 4 years ago)
- A curated list of resources for Volatility 2 & 3 (☆13, Mar 17, 2024, updated last year)
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images (☆208, Nov 12, 2025, updated 3 months ago)
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… (☆42, Oct 10, 2024, updated last year)
- Small wiki for Mobile Application Penetration Testing tools (☆12, Apr 8, 2021, updated 4 years ago)
- Anteater is a reconnaissance tool for discovering interesting files and folders in a web application that most likely has been misconfigure… (☆13, Jun 12, 2024, updated last year)
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata (☆19, May 9, 2025, updated 9 months ago)
- A new exploitation technique for Visual Studio projects (☆11, Nov 5, 2023, updated 2 years ago)
- EvtXHunt is an Autopsy plugin that analyzes Windows EVTX logs against a library of Sigma rules (☆15, Nov 7, 2021, updated 4 years ago)
- A DFIR automation for collecting and analyzing evidence, designed for cybersecurity professionals (☆162, Apr 6, 2025, updated 10 months ago)
- DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital For… (☆428, Nov 28, 2025, updated 3 months ago)
- Hunt the Windows Registry automatically using VQL (☆14, Jan 6, 2026, updated last month)
- Various short scripts and tools used for digital forensics (☆14, Apr 13, 2025, updated 10 months ago)
- Vagrant files to create a VirtualBox VM for malware analysis (☆13, Jun 1, 2021, updated 4 years ago)
- (untitled repository, no description) (☆13, Jan 19, 2023, updated 3 years ago)
- (untitled repository, no description) (☆34, Mar 4, 2019, updated 7 years ago)
- An open source Python deobfuscator for pyobfuscate.com (☆40, Jul 28, 2024, updated last year)
- KQL detections for Microsoft Sentinel and Microsoft 365 Defender (☆21, Nov 15, 2024, updated last year)
- (untitled repository, no description) (☆17, Jan 21, 2026, updated last month)
- My external brain for cyber defense (WIP). A practical collection of field notes on hunting strategies and system principles. Documentin… (☆60, updated this week)
- [DEPRECATED] All writeups are moved to my main website (☆14, Mar 15, 2024, updated last year)
- $MFT directory tree reconstruction & FILE record info (☆326, Oct 7, 2024, updated last year)
- autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat (☆110, Oct 31, 2023, updated 2 years ago)
- Send high-severity and new incidents to TheHive incident management platform (☆18, Feb 13, 2021, updated 5 years ago)
- Rust crate to simplify Windows ACL operations (☆19, Jun 9, 2023, updated 2 years ago)
- Secure Terminal CTF challenge for DC31 Red Team Village (☆19, Aug 22, 2023, updated 2 years ago)
- A collection of useful tools worth using (☆24, Sep 20, 2022, updated 3 years ago)
- Collection of my volatility3 plugins (☆18, Sep 6, 2024, updated last year)
- This repository contains all public cheatsheets created by the BlackPerl DFIR Content Team (☆20, Oct 9, 2024, updated last year)
- (untitled repository, no description) (☆29, Aug 21, 2024, updated last year)
- The ultimate repository for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform (☆24, Aug 12, 2025, updated 6 months ago)
- Polyglot detector (☆23, Jun 5, 2025, updated 8 months ago)
- Incident response teams usually work on offline data: collecting the evidence, then analyzing it (☆46, Jan 2, 2022, updated 4 years ago)
- 🇻🇳 [VNCERT/CC] Digital Forensics Lab 🇻🇳 (☆21, Dec 26, 2024, updated last year)
- Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress! (☆461, Aug 13, 2024, updated last year)
- A Large Action Model designed to operate on macOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B… (☆26, Feb 29, 2024, updated 2 years ago)
- This is the official repository for the Basic Malware Analysis Course (☆20, Jan 11, 2022, updated 4 years ago)
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment (☆109, Apr 22, 2025, updated 10 months ago)