This is a repository dedicated to the DFIR journey. It contains notes, reflections and links to tools.
☆109 | Mar 21, 2026 | Updated this week
Alternatives and similar repositories for DFIR
Users that are interested in DFIR are comparing it to the libraries listed below.
- most powerful batch obfuscator ☆47 | Jan 2, 2023 | Updated 3 years ago
- A curated list of resources for Volatility 2 & 3 ☆13 | Mar 17, 2024 | Updated 2 years ago
- DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital For… ☆446 | Nov 28, 2025 | Updated 3 months ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata. ☆20 | May 9, 2025 | Updated 10 months ago
- A Python script for extracting IP addresses, URLs, headers, and attachments from .eml files. Additional functionalities include defanging… ☆44 | Oct 10, 2024 | Updated last year
- ☆16 | Nov 13, 2024 | Updated last year
- Anteater is a reconnaissance tool for discovering interesting files and folders in a web application that most likely has been misconfigure… ☆13 | Jun 12, 2024 | Updated last year
- Hunt the Windows Registry automatically using VQL ☆14 | Jan 6, 2026 | Updated 2 months ago
- FIXED 2021 VERSION MEGA DUMPER ☆29 | Jun 7, 2021 | Updated 4 years ago
- A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals. ☆162 | Apr 6, 2025 | Updated 11 months ago
- KQL Detections for Microsoft Sentinel and Microsoft 365 Defender ☆21 | Nov 15, 2024 | Updated last year
- Source files and writeups for the brixel CTF 2020 ☆10 | Jan 1, 2021 | Updated 5 years ago
- My external brain for cyber defense (WIP). A practical collection of field notes on hunting strategies and system principles. Documentin… ☆77 | Updated this week
- Writeup for the challenges in Really Awesome CTF 2020 ☆13 | Aug 3, 2020 | Updated 5 years ago
- ☆13 | Jan 19, 2023 | Updated 3 years ago
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images. ☆207 | Nov 12, 2025 | Updated 4 months ago
- ☆22 | Aug 16, 2025 | Updated 7 months ago
- ☆34 | Mar 4, 2019 | Updated 7 years ago
- ☆29 | Aug 21, 2024 | Updated last year
- Collection of my volatility3 plugins ☆18 | Sep 6, 2024 | Updated last year
- A New Exploitation Technique for Visual Studio Projects ☆11 | Nov 5, 2023 | Updated 2 years ago
- Small wiki for Mobile Application Penetration Testing Tools ☆12 | Apr 8, 2021 | Updated 4 years ago
- Tools and scripts to deploy and manage OpenRelik instances ☆16 | Mar 3, 2026 | Updated 3 weeks ago
- Ian Hanley's deceptively simple KQL queries. ☆67 | Dec 27, 2025 | Updated 2 months ago
- This repository consists of all public cheatsheets created by the BlackPerl DFIR Content Team ☆20 | Oct 9, 2024 | Updated last year
- ☆15 | Jun 5, 2024 | Updated last year
- $MFT directory tree reconstruction & FILE record info ☆326 | Oct 7, 2024 | Updated last year
- Challenge handouts, source code, and solutions for UofTCTF 2026 ☆42 | Jan 13, 2026 | Updated 2 months ago
- EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules. ☆15 | Nov 7, 2021 | Updated 4 years ago
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆110 | Apr 22, 2025 | Updated 11 months ago
- Vagrant Files to create a Virtualbox VM for Malware Analysis ☆13 | Jun 1, 2021 | Updated 4 years ago
- Writeups of some of the Binary Exploitation challenges that I have solved during CTF. ☆21 | Feb 8, 2025 | Updated last year
- autoNTDS is an automation script designed to simplify the process of dumping and cracking NTDS hashes using secretsdump.py and hashcat ☆110 | Oct 31, 2023 | Updated 2 years ago
- ☆12 | Apr 23, 2021 | Updated 4 years ago
- ☆17 | Jan 21, 2026 | Updated 2 months ago
- Various short scripts and tools used for Digital Forensics ☆14 | Apr 13, 2025 | Updated 11 months ago
- 🇻🇳 [VNCERT/CC] Digital Forensics Lab 🇻🇳 ☆21 | Dec 26, 2024 | Updated last year
- CTFd plugin allowing for individual Docker containers per team ☆24 | Jan 15, 2026 | Updated 2 months ago
- ☆31 | May 8, 2024 | Updated last year