dfir-iris / iris-clientLinks
Python client for DFIR-IRIS
☆20Updated 10 months ago
Alternatives and similar repositories for iris-client
Users that are interested in iris-client are comparing it to the libraries listed below
Sorting:
- ☆8Updated 8 months ago
- Jupyter notebooks for threat hunting☆56Updated 2 months ago
- Collection of scripts provided for public use☆34Updated 2 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆54Updated last year
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆109Updated last year
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆45Updated 3 years ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆31Updated 3 years ago
- ☆35Updated 8 months ago
- Hunt malware with Volatility☆47Updated last year
- Forensics scripts aimed at automating & enhancing the Forensics Legend Eric Zimmerman's techniques, integrating the statistical detection…☆18Updated last year
- Script to automate Linux live evidence collection☆27Updated 2 years ago
- Remote access and Antivirus Logging Database☆42Updated last year
- ☆51Updated last year
- YARA rule analyzer to improve rule quality and performance☆102Updated 2 months ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆114Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation☆77Updated last year
- simple webapp for converting sigma rules into siem queries using the pySigma library☆49Updated last year
- Random notes collected on the intertubes relating to DFIR☆34Updated last year
- ☆68Updated 6 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆85Updated 4 months ago
- ☆87Updated last year
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆88Updated last year
- USN Journal full path builder☆60Updated 9 months ago
- Detection Engineering with YARA☆87Updated last year
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆36Updated last week
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆56Updated last month
- Repository of public reference frameworks for the DFIR community.☆116Updated last year
- Cleanup of older MISP events can require some work until now☆26Updated 2 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆79Updated last month