ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
☆181, Mar 2, 2026, updated 2 months ago
Alternatives and similar repositories for ALFA
Users that are interested in ALFA are comparing it to the libraries listed below.
- Public script from SANS FOR509 Enterprise Cloud Incident Response (☆229, Oct 26, 2025, updated 7 months ago)
- A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of … (☆201, Jan 6, 2026, updated 4 months ago)
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. (☆809, May 6, 2026, updated 2 weeks ago)
- Parses USB connection artifacts from offline Registry hives (☆107, Feb 8, 2026, updated 3 months ago)
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" (☆11, Feb 6, 2025, updated last year)
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. (☆83, Jan 6, 2026, updated 4 months ago)
- This repository contains the research and components of our research into using Sigma for AWS Incident Response. (☆31, Jul 12, 2023, updated 2 years ago)
- ☆72, Oct 21, 2024, updated last year
- Notes on responding to security breaches relating to Azure AD (☆123, Mar 14, 2022, updated 4 years ago)
- The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of… (☆279, Feb 2, 2021, updated 5 years ago)
- A dataset containing Office 365 Unified Audit Logs for security research and detection (☆59, Jun 7, 2022, updated 3 years ago)
- PowerShell module for Office 365 and Azure log collection (☆281, Sep 22, 2025, updated 8 months ago)
- Forensic cheatsheets for use with cheat (☆15, Dec 2, 2021, updated 4 years ago)
- Repository of attack and defensive information for Business Email Compromise investigations (☆276, Apr 19, 2026, updated last month)
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… (☆254, Nov 18, 2024, updated last year)
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… (☆101, Jan 12, 2024, updated 2 years ago)
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID (☆626, May 15, 2026, updated last week)
- Extract BITS jobs from QMGR queue and store them as CSV records (☆74, Feb 13, 2025, updated last year)
- Scripts for ready-to-use Velociraptor instance deployment in Azure (☆14, Jun 27, 2023, updated 2 years ago)
- USN Journal full path builder (☆69, Apr 16, 2026, updated last month)
- PowerShell module for VMware vSphere forensics (☆183, Nov 8, 2024, updated last year)
- Aftermath is a free macOS IR framework (☆583, Sep 25, 2025, updated 8 months ago)
- Stand-alone parser for User Access Logging from Server 2012 and newer systems (☆80, Jan 9, 2024, updated 2 years ago)
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… (☆21, Oct 25, 2023, updated 2 years ago)
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. (☆175, May 3, 2026, updated 3 weeks ago)
- ESXi Cyber Security Incident Response Script (☆28, Sep 4, 2024, updated last year)
- ☆23, Mar 12, 2025, updated last year
- DFIQ is a collection of investigative questions and the approaches for answering them (☆309, Mar 10, 2026, updated 2 months ago)
- ☆19, Apr 16, 2026, updated last month
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆715, May 2, 2026, updated 3 weeks ago)
- ☆152, Jun 5, 2024, updated last year
- ☆75, Mar 19, 2025, updated last year
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆812, May 15, 2026, updated last week)
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus… (☆43, Sep 21, 2023, updated 2 years ago)
- ☆27, Mar 2, 2022, updated 4 years ago
- CyLR - Live Response Collection Tool (☆725, Jun 1, 2022, updated 3 years ago)
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… (☆43, Oct 20, 2020, updated 5 years ago)
- cloudgrep is grep for cloud storage (☆329, Mar 14, 2026, updated 2 months ago)
- Quick ESXi Log Parser (☆31, Oct 20, 2025, updated 7 months ago)