docker-forensics-toolkit / toolkit

Related projects ⓘ

Alternatives and complementary repositories for toolkit

• swisscom / ArtifactCollectionMatrix
  Forensic Artifact Collection Tool Matrix
  ☆75Updated last week
• ForensicArtifacts / artifacts-kb
  Digital Forensics Artifacts Knowledge Base
  ☆75Updated 6 months ago
• EZToolsManuals / EZToolsManuals
  A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
  ☆63Updated last year
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆49Updated last year
• dfir-scripts / siftgrab
  ☆57Updated 3 weeks ago
• mf1d3l / Splunk4DFIR
  Harness the power of Splunk for your investigations
  ☆77Updated this week
• blackberry / threat-research-and-intelligence
  BlackBerry Threat Research & Intelligence
  ☆93Updated last year
• fox-it / acquire
  acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
  ☆91Updated this week
• dwmetz / CyberPipe
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆270Updated 2 months ago
• CrowdStrike / SuperMem
  A python script developed to process Windows memory images based on triage type.
  ☆258Updated 11 months ago
• AttackIQ / SigmAIQ
  A pySigma wrapper and langchain toolkit for automatic rule creation/translation
  ☆66Updated last week
• keydet89 / Events-Ripper
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆76Updated last week
• securityjoes / ForensicMiner
  A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
  ☆148Updated 6 months ago
• AndrewRathbun / Awesome-KAPE
  A curated list of KAPE-related resources
  ☆156Updated 6 months ago
• blueteam0ps / memOptix
  A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.
  ☆94Updated last year
• AmgdGocha / DriveFS-Sleuth
  DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based o…
  ☆74Updated last month
• dfircheatsheet / dfircheatsheet.github.io
  ☆63Updated last year
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆67Updated last year
• NextronSystems / CyberChef
  CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition
  ☆62Updated 2 years ago
• MattETurner / DFIRlogbook
  Logbook for Digital Forensics and Incident Response
  ☆49Updated 4 months ago
• ReconInfoSec / velociraptor-to-timesketch
  ☆1Updated 3 weeks ago
• redhat-infosec / priority-intelligence-requirements-dev
  This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements
  ☆116Updated 11 months ago
• Ruler-Project / ruler-project
  Remote access and Antivirus Logging Database
  ☆41Updated 6 months ago
• TazWake / Public
  Collection of scripts provided for public use
  ☆31Updated last week
• andreafortuna / autotimeliner
  Automagically extract forensic timeline from volatile memory dump
  ☆123Updated 6 months ago
• swisscom / Invoke-Forensics
  Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
  ☆109Updated 11 months ago
• JPCERTCC / jpcert-yara
  JPCERT/CC public YARA rules repository
  ☆103Updated 5 months ago
• center-for-threat-informed-defense / attack-powered-suit
  ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte…
  ☆72Updated 2 weeks ago
• joshlemon / DFIR-Reference-Frameworks
  Repository of public reference frameworks for the DFIR community.
  ☆109Updated last year