Alternatives and similar repositories for ir-rescue

Users that are interested in ir-rescue are comparing it to the libraries listed below

• orlikoski / CDQR

  View on GitHub
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆345Jun 25, 2022Updated 3 years ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,427Nov 16, 2023Updated 2 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,639Nov 22, 2022Updated 3 years ago
• mattifestation / CimSweep

  View on GitHub
  CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…
  ☆657Aug 19, 2019Updated 6 years ago
• TonyPhipps / Meerkat

  View on GitHub
  A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
  ☆481Nov 15, 2024Updated last year
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,135Oct 19, 2025Updated 3 months ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆708Jun 1, 2022Updated 3 years ago
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆504Oct 21, 2022Updated 3 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 3 years ago
• SekoiaLab / Fastir_Collector

  View on GitHub
  ☆519Jan 26, 2021Updated 5 years ago
• nshalabi / SysmonTools

  View on GitHub
  Utilities for Sysmon
  ☆1,571Sep 21, 2025Updated 4 months ago
• gfoss / PSRecon

  View on GitHub
  PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…
  ☆491Jul 29, 2017Updated 8 years ago
• Neo23x0 / Loki

  View on GitHub
  Loki - Simple IOC and YARA Scanner
  ☆3,719Jan 12, 2026Updated last month
• meirwah / awesome-incident-response

  View on GitHub
  A curated list of tools for incident response
  ☆8,808Jul 18, 2024Updated last year
• certtools / intelmq

  View on GitHub
  IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
  ☆1,107Dec 2, 2025Updated 2 months ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆937Dec 12, 2023Updated 2 years ago
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆346May 7, 2024Updated last year
• giMini / PowerMemory

  View on GitHub
  Exploit the credentials present in files and memory
  ☆845May 25, 2023Updated 2 years ago
• opensourcesec / CIRTKit

  View on GitHub
  Tools for the Computer Incident Response Team
  ☆150Apr 17, 2017Updated 8 years ago
• gleeda / memtriage

  View on GitHub
  Allows you to quickly query a Windows machine for RAM artifacts
  ☆218Jul 17, 2020Updated 5 years ago
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,710Sep 23, 2025Updated 4 months ago
• ForensicArtifacts / artifacts

  View on GitHub
  Digital Forensics artifact repository
  ☆1,204Feb 11, 2026Updated last week
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,507Jan 24, 2023Updated 3 years ago
• diogo-fernan / malsub

  View on GitHub
  A Python RESTful API framework for online malware analysis and threat intelligence services.
  ☆369May 21, 2024Updated last year
• Invoke-IR / ForensicPosters

  View on GitHub
  ☆453Nov 21, 2024Updated last year
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆349Mar 19, 2021Updated 4 years ago
• CrowdStrike / Forensics

  View on GitHub
  Scripts and code referenced in CrowdStrike blog posts
  ☆336Nov 13, 2019Updated 6 years ago
• CrowdStrike / automactc

  View on GitHub
  AutoMacTC: Automated Mac Forensic Triage Collector
  ☆553Mar 31, 2022Updated 3 years ago
• secrary / SSMA

  View on GitHub
  SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]
  ☆410Apr 21, 2020Updated 5 years ago
• certsocietegenerale / fame

  View on GitHub
  FAME Automates Malware Evaluation
  ☆927Dec 16, 2025Updated 2 months ago
• uber-common / metta

  View on GitHub
  An information security preparedness tool to do adversarial simulation.
  ☆1,142Apr 1, 2019Updated 6 years ago
• mitre / multiscanner

  View on GitHub
  Modular file scanning/analysis framework
  ☆621Oct 8, 2019Updated 6 years ago
• yampelo / beagle

  View on GitHub
  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
  ☆1,339Dec 13, 2022Updated 3 years ago
• mkorman90 / VolatilityBot

  View on GitHub
  VolatilityBot – An automated memory analyzer for malware samples and memory dumps
  ☆270Jun 15, 2021Updated 4 years ago
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,383Oct 14, 2023Updated 2 years ago
• OMENScan / AChoir

  View on GitHub
  Windows Live Artifacts Acquisition Script
  ☆190Jun 20, 2022Updated 3 years ago
• DefensePointSecurity / threat_note

  View on GitHub
  DPS' Lightweight Investigation Notebook
  ☆433Dec 31, 2023Updated 2 years ago
• redhuntlabs / RedHunt-OS

  View on GitHub
  Virtual Machine for Adversary Emulation and Threat Hunting
  ☆1,313Jan 22, 2025Updated last year