ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework
☆174 · Mar 2, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for ALFA
Users interested in ALFA are comparing it to the repositories listed below.
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆226 · Oct 26, 2025 · Updated 5 months ago
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … ☆198 · Jan 6, 2026 · Updated 2 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆776 · Mar 3, 2026 · Updated 3 weeks ago
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated last month
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Feb 6, 2025 · Updated last year
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆80 · Jan 6, 2026 · Updated 2 months ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. ☆31 · Jul 12, 2023 · Updated 2 years ago
- ☆72 · Oct 21, 2024 · Updated last year
- Notes on responding to security breaches relating to Azure AD ☆122 · Mar 14, 2022 · Updated 4 years ago
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… ☆279 · Feb 2, 2021 · Updated 5 years ago
- A dataset containing Office 365 Unified Audit Logs for security research and detection ☆58 · Jun 7, 2022 · Updated 3 years ago
- PowerShell module for Office 365 and Azure log collection ☆280 · Sep 22, 2025 · Updated 6 months ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆276 · May 10, 2025 · Updated 10 months ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆254 · Nov 18, 2024 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆581 · Dec 6, 2025 · Updated 3 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆101 · Jan 12, 2024 · Updated 2 years ago
- Extract BITS jobs from QMGR queue and store them as CSV records ☆74 · Feb 13, 2025 · Updated last year
- Scripts for ready-to-use Velociraptor instance deployment in Azure ☆14 · Jun 27, 2023 · Updated 2 years ago
- PowerShell module for VMware vSphere forensics ☆170 · Nov 8, 2024 · Updated last year
- USN Journal full path builder ☆67 · Sep 16, 2024 · Updated last year
- Aftermath is a free macOS IR framework ☆570 · Sep 25, 2025 · Updated 6 months ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems ☆79 · Jan 9, 2024 · Updated 2 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… ☆21 · Oct 25, 2023 · Updated 2 years ago
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆171 · Updated this week
- ESXi Cyber Security Incident Response Script ☆25 · Sep 4, 2024 · Updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them ☆301 · Mar 10, 2026 · Updated 2 weeks ago
- ☆24 · Mar 12, 2025 · Updated last year
- ☆17 · Jan 22, 2026 · Updated 2 months ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR ☆701 · Oct 22, 2025 · Updated 5 months ago
- ☆152 · Jun 5, 2024 · Updated last year
- ☆75 · Mar 19, 2025 · Updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆791 · Mar 14, 2026 · Updated last week
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… ☆43 · Sep 21, 2023 · Updated 2 years ago
- CyLR - Live Response Collection Tool ☆714 · Jun 1, 2022 · Updated 3 years ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… ☆41 · Oct 20, 2020 · Updated 5 years ago
- ☆27 · Mar 2, 2022 · Updated 4 years ago
- Quick ESXi Log Parser ☆30 · Oct 20, 2025 · Updated 5 months ago
- Project based on RegRipper, to extract additional value/pivot points from TLN events file ☆89 · Feb 9, 2025 · Updated last year