ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆181 · Mar 2, 2026 · Updated 3 months ago
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the repositories listed below.
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆230 · Oct 26, 2025 · Updated 7 months ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆200 · Jan 6, 2026 · Updated 5 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆820 · Updated this week
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated 4 months ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Feb 6, 2025 · Updated last year
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆83 · Jan 6, 2026 · Updated 5 months ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. ☆34 · Jul 12, 2023 · Updated 2 years ago
- Notes on responding to security breaches relating to Azure AD ☆123 · Mar 14, 2022 · Updated 4 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… ☆279 · Feb 2, 2021 · Updated 5 years ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆60 · Jun 7, 2022 · Updated 4 years ago
- PowerShell module for Office 365 and Azure log collection ☆281 · Sep 22, 2025 · Updated 8 months ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆276 · Apr 19, 2026 · Updated last month
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆253 · Nov 18, 2024 · Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆101 · Jan 12, 2024 · Updated 2 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆631 · Jun 3, 2026 · Updated last week
- Extract BITS jobs from QMGR queue and store them as CSV records ☆74 · Feb 13, 2025 · Updated last year
- Scripts for ready-to-use Velociraptor instance deployment in Azure ☆14 · Jun 27, 2023 · Updated 2 years ago
- USN Journal full path builder ☆69 · Apr 16, 2026 · Updated last month
- PowerShell module for VMware vSphere forensics ☆183 · Nov 8, 2024 · Updated last year
- Aftermath is a free macOS IR framework ☆583 · Sep 25, 2025 · Updated 8 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems ☆80 · Jan 9, 2024 · Updated 2 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… ☆21 · Oct 25, 2023 · Updated 2 years ago
- Suzaku (朱雀) is a Sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆178 · May 22, 2026 · Updated 3 weeks ago
- ESXi Cyber Security Incident Response Script ☆28 · Sep 4, 2024 · Updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them ☆309 · Mar 10, 2026 · Updated 3 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆719 · May 2, 2026 · Updated last month
- A standalone Sigma-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆822 · May 30, 2026 · Updated 2 weeks ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… ☆43 · Sep 21, 2023 · Updated 2 years ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… ☆43 · Oct 20, 2020 · Updated 5 years ago
- CyLR - Live Response Collection Tool ☆727 · Jun 1, 2022 · Updated 4 years ago
- cloudgrep is grep for cloud storage ☆330 · Mar 14, 2026 · Updated 3 months ago
- Quick ESXi Log Parser ☆33 · Oct 20, 2025 · Updated 7 months ago