ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework
☆182Mar 2, 2026Updated 4 months ago
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆230Oct 26, 2025Updated 8 months ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of …☆203Jan 6, 2026Updated 5 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.☆826Updated this week
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆84Jan 6, 2026Updated 5 months ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆34Jul 12, 2023Updated 2 years ago
- ☆72Oct 21, 2024Updated last year
- Notes on responding to security breaches relating to Azure AD☆123Mar 14, 2022Updated 4 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…☆281Feb 2, 2021Updated 5 years ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆62Jun 7, 2022Updated 4 years ago
- PowerShell module for Office 365 and Azure log collection☆281Sep 22, 2025Updated 9 months ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations☆277Jun 17, 2026Updated 2 weeks ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…☆254Nov 18, 2024Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆637Jun 20, 2026Updated 2 weeks ago
- Extract BITS jobs from QMGR queue and store them as CSV records☆74Feb 13, 2025Updated last year
- Scripts to for ready-to-use Velociraptor instance deployment in Azure☆14Jun 27, 2023Updated 3 years ago
- USN Journal full path builder☆69Apr 16, 2026Updated 2 months ago
- Powershell module for VMWare vSphere forensics☆183Nov 8, 2024Updated last year
- Aftermath is a free macOS IR framework☆587Sep 25, 2025Updated 9 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆80Jan 9, 2024Updated 2 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆181Jun 29, 2026Updated last week
- ESXi Cyber Security Incident Response Script☆28Sep 4, 2024Updated last year
- ☆23Mar 12, 2025Updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them☆309Mar 10, 2026Updated 3 months ago
- ☆21May 28, 2026Updated last month
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆724May 2, 2026Updated 2 months ago
- ☆152Jun 5, 2024Updated 2 years ago
- ☆75Mar 19, 2025Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆827May 30, 2026Updated last month
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆43Sep 21, 2023Updated 2 years ago
- ☆27Mar 2, 2022Updated 4 years ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features…☆43Oct 20, 2020Updated 5 years ago
- CyLR - Live Response Collection Tool☆729Jun 1, 2022Updated 4 years ago
- cloudgrep is grep for cloud storage☆332Mar 14, 2026Updated 3 months ago
- Quick ESXi Log Parser☆33Oct 20, 2025Updated 8 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆344Jun 19, 2026Updated 2 weeks ago