This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
☆118 · May 8, 2026 · Updated last month
Alternatives and similar repositories for DFIR
Users that are interested in DFIR are comparing it to the libraries listed below.
- most powerful batch obfuscator ☆47 · Jan 2, 2023 · Updated 3 years ago
- Digital Forensics and Incident Response notes and Autopsy tool walkthrough ☆11 · Feb 3, 2022 · Updated 4 years ago
- A curated list of resources for Volatility 2 & 3 ☆14 · Mar 17, 2024 · Updated 2 years ago
- DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital For… ☆481 · Nov 28, 2025 · Updated 7 months ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata. ☆20 · May 9, 2025 · Updated last year
- ☆16 · Nov 13, 2024 · Updated last year
- Anteater is a reconnaissance tool for discovering interesting files and folders in a web application that most likely has been misconfigure… ☆14 · Jun 12, 2024 · Updated 2 years ago
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… ☆47 · Oct 10, 2024 · Updated last year
- Hunt the Windows Registry automatically using VQL ☆18 · May 4, 2026 · Updated last month
- FIXED 2021 VERSION MEGA DUMPER ☆30 · Jun 7, 2021 · Updated 5 years ago
- Driver Buddy Revolutions for Ghidra ☆48 · Mar 28, 2026 · Updated 3 months ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆163 · Apr 6, 2025 · Updated last year
- KQL Detections for Microsoft Sentinel and Microsoft 365 Defender ☆22 · Nov 15, 2024 · Updated last year
- Source files and writeups for the brixel CTF 2020 ☆10 · Jan 1, 2021 · Updated 5 years ago
- My external brain for cyber defense (WIP). A practical collection of field notes on hunting strategies and system principles. Documentin… ☆102 · Jun 5, 2026 · Updated 3 weeks ago
- Writeup for the challenges in Really Awesome CTF 2020 ☆13 · Aug 3, 2020 · Updated 5 years ago
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images. ☆211 · Nov 12, 2025 · Updated 7 months ago
- ☆13 · Jan 19, 2023 · Updated 3 years ago
- ☆31 · Aug 21, 2024 · Updated last year
- Collection of my volatility3 plugins ☆19 · Jun 18, 2026 · Updated last week
- ☆35 · Mar 4, 2019 · Updated 7 years ago
- Small wiki for Mobile Application Penetration Testing Tools ☆12 · Apr 8, 2021 · Updated 5 years ago
- Tools and scripts to deploy and manage OpenRelik instances ☆17 · Mar 23, 2026 · Updated 3 months ago
- A New Exploitation Technique for Visual Studio Projects ☆13 · Nov 5, 2023 · Updated 2 years ago
- This Repository consists of all Public Cheatsheets created by BlackPerl DFIR Content Team ☆20 · Oct 9, 2024 · Updated last year
- Ian Hanley's deceptively simple KQL queries. ☆68 · Apr 10, 2026 · Updated 2 months ago
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files ☆22 · Aug 3, 2024 · Updated last year
- Run several volatility plugins at the same time ☆118 · Oct 27, 2022 · Updated 3 years ago
- ☆15 · Jun 5, 2024 · Updated 2 years ago
- Challenge handouts, source code, and solutions for UofTCTF 2026 ☆43 · Jan 13, 2026 · Updated 5 months ago
- $MFT directory tree reconstruction & FILE record info ☆332 · Oct 7, 2024 · Updated last year
- EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules. ☆15 · Nov 7, 2021 · Updated 4 years ago
- Vagrant Files to create a Virtualbox VM for Malware Analysis ☆13 · Jun 1, 2021 · Updated 5 years ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆111 · Apr 22, 2025 · Updated last year
- autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat ☆110 · Oct 31, 2023 · Updated 2 years ago
- ☆12 · Apr 23, 2021 · Updated 5 years ago
- Various short scripts and tools used for Digital Forensics ☆14 · Apr 13, 2025 · Updated last year
- ☆17 · Mar 31, 2026 · Updated 2 months ago
- 🇻🇳 [VNCERT/CC] Digital Forensics Lab 🇻🇳 ☆23 · Dec 26, 2024 · Updated last year