fox-it / acquire
acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
★ 86, updated last week
Related projects:
- Digital Forensics Artifacts Knowledge Base (★ 71, updated 4 months ago)
- Digital Forensics Artifact Repository (forensicanalysis edition) (★ 71, updated 7 months ago)
- DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts; the tool has been developed based o… (★ 71, updated this week)
- Forensic Artifact Collection Tool Matrix (★ 70, updated 2 years ago)
- Windows Forensics Environment Builder (★ 106, updated 3 months ago)
- A curated list of KAPE-related resources (★ 154, updated 4 months ago)
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies (★ 89, updated 7 months ago)
- Logbook for Digital Forensics and Incident Response (★ 48, updated 2 months ago)
- A Python script developed to process Windows memory images based on triage type. (★ 259, updated 9 months ago)
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub (★ 62, updated last year)
- The Threat Actor Profile Guide for CTI Analysts (★ 89, updated last year)
- macOS forensic timeline generator using the analysis result DBs of mac_apt (★ 88, updated last year)
- Repository of public reference frameworks for the DFIR community. (★ 105, updated last year)
- Collection of scripts provided for public use (★ 28, updated last month)
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. (★ 90, updated 11 months ago)
- This guide describes a process for developing Cyber Threat Intelligence Priority Intelligence Requirements (★ 113, updated 9 months ago)
- BlackBerry Threat Research & Intelligence (★ 90, updated 11 months ago)
- A GeoIP lookup utility utilizing ipinfo.io services. (★ 83, updated 9 months ago)
- Incident Response documents and tooling (★ 57, updated 11 months ago)
- Cast is an installer for any compatible Saltstack-based distribution such as SIFT or REMnux (★ 99, updated this week)
- Chrome Logs Events and Protobuf Parser (★ 34, updated last year)
- Automagically extract a forensic timeline from a volatile memory dump (★ 123, updated 4 months ago)
- Analyse a forensic target (such as a directory) to find and report files found and not found from the CIRCL hashlookup public service - https… (★ 121, updated 11 months ago)
- ATT&CK Powered Suit is a browser extension that puts the complete MITRE ATT&CK® knowledge base at your fingertips with text search, conte… (★ 69, updated last week)
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc… (★ 53, updated last year)
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… (★ 49, updated 4 months ago)
- Hunt malware with Volatility (★ 46, updated 4 months ago)
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency-of-occurrence / data-stacking analysis on mu… (★ 47, updated last year)