fireeye / BitsParser

Related projects: ⓘ

• theflakes / reg_hunter
  Blueteam operational triage registry hunting/forensic tool.
  ☆142Updated last year
• fireeye / HXTool
  HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physic…
  ☆79Updated 2 months ago
• NVISOsecurity / evtx-hunter
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆144Updated 2 years ago
• splunk / melting-cobalt
  A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
  ☆162Updated last year
• gtworek / VolatileDataCollector
  ☆168Updated 8 months ago
• CrowdStrike / SuperMem
  A python script developed to process Windows memory images based on triage type.
  ☆259Updated 9 months ago
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆123Updated last week
• The-DFIR-Report / Yara-Rules
  ☆61Updated 3 weeks ago
• CrowdStrike / xwf-yara-scanner
  ☆84Updated 7 months ago
• ForensicArtifacts / artifacts-kb
  Digital Forensics Artifacts Knowledge Base
  ☆71Updated 4 months ago
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆139Updated 2 months ago
• Neo23x0 / yaraQA
  YARA rule analyzer to improve rule quality and performance
  ☆93Updated 9 months ago
• nov3mb3r / trident
  A PowerShell incident response script for quick triage
  ☆75Updated 2 years ago
• andreafortuna / autotimeliner
  Automagically extract forensic timeline from volatile memory dump
  ☆123Updated 4 months ago
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆109Updated 2 years ago
• jsecurity101 / TelemetrySource
  ☆214Updated 4 months ago
• knez / defender-dump
  Dump quarantined files from Windows Defender
  ☆51Updated 2 years ago
• LaresLLC / SysmonConfigPusher
  Pushes Sysmon Configs
  ☆89Updated 3 years ago
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆123Updated 2 years ago
• EricZimmerman / AmcacheParser
  Parses amcache.hve files, but with a twist!
  ☆115Updated 2 weeks ago
• hackjalstead / IRCP
  A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
  ☆64Updated 2 years ago
• pan-unit42 / tweets
  ☆130Updated 7 months ago
• redcanaryco / AtomicTestHarnesses
  Public Repo for Atomic Test Harness
  ☆244Updated 2 months ago
• olafhartong / Presentations
  My conference presentations
  ☆66Updated 11 months ago
• elastic / labs-releases
  Elastic Security Labs releases
  ☆46Updated 3 weeks ago
• airbus-cert / ntTraceControl
  Powershell Event Tracing Toolbox
  ☆72Updated 2 years ago
• Beercow / SEPparser
  Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
  ☆62Updated last year
• dwmetz / CyberPipe
  An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
  ☆266Updated 3 weeks ago
• mvelazc0 / PurpleTeamPlaybook
  Active Directory Purple Team Playbook
  ☆103Updated last year
• SentineLabs / SentinelLabs_RevCore_Tools
  The Windows Malware Analysis Reversing Core Tools
  ☆88Updated 3 years ago