Alternatives and similar repositories for artifacts

Users that are interested in artifacts are comparing it to the libraries listed below

• log2timeline / dftimewolf
  A framework for orchestrating forensic collection, processing and data export
  ☆328Updated this week
• mbevilacqua / appcompatprocessor
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆205Updated 3 years ago
• dlcowen / sansfor509
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆208Updated last week
• strozfriedberg / greppin-logs
  2021 SANS DFIR Summit: Greppin' Logs
  ☆20Updated 4 years ago
• redcanaryco / surveyor
  A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
  ☆228Updated 5 months ago
• mark-hallman / plaso_filters
  Scripts to facilitate filtering with Plaso
  ☆126Updated 5 years ago
• EricZimmerman / SQLECmd
  ☆52Updated last month
• abrignoni / DFIR-SQL-Query-Repo
  Collection of SQL query templates for digital forensics use by platform and application.
  ☆108Updated 4 years ago
• EricZimmerman / Get-ZimmermanTools
  Get all my software
  ☆168Updated 3 months ago
• ds4n6 / ds4n6_lib
  Library of functions to apply Data Science in several forensics artifacts
  ☆40Updated last year
• marcurdy / dfir-toolset
  Dump of organized knowledge on DFIR
  ☆135Updated 3 years ago
• carbonblack / cbfeeds
  Carbon Black Feeds
  ☆73Updated 2 years ago
• AndrewRathbun / VanillaWindowsReference
  A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …
  ☆172Updated 9 months ago
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆125Updated 3 years ago
• EricZimmerman / KapeDocs
  Documentation repository
  ☆45Updated last year
• gajos112 / PowerShell-Timeliner
  ☆13Updated 3 years ago
• AndrewRathbun / KAPE-EZToolsAncillaryUpdater
  A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…
  ☆57Updated 2 months ago
• ReconInfoSec / velociraptor-to-timesketch
  ☆12Updated 10 months ago
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆224Updated last year
• MalwareArchaeology / ARTHIR
  ATT&CK Remote Threat Hunting Incident Response
  ☆203Updated 8 months ago
• open-source-dfir / slack
  Information about the open-source-dfir slack community
  ☆30Updated 2 years ago
• forensicanalysis / artifactcollector
  🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
  ☆291Updated 3 months ago
• inodee / threathunting-spl
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆287Updated last year
• syloktools / MISP-QRADAR-REFERENCE-SET-BUILDER
  Pulls IOCs from MISP and adds the to reference sets in QRadar
  ☆34Updated 2 years ago
• sdckey / EnScript-Samples
  This repository is a collection of EnScript code samples for use in the OpenText Endpoint Forensic and OpenText Endpoint Investigator app…
  ☆54Updated last month
• ds4n6 / ds4n6_scripts
  Library of python scripts to apply Data Science in several forensics artifacts
  ☆31Updated 5 years ago
• dfirtips / evids.dfir.tips
  ☆11Updated 5 years ago
• dod-cyber-crime-center / DC3-MWCP
  DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …
  ☆332Updated 6 months ago
• blueteam0ps / AllthingsTimesketch
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆113Updated last year
• pstirparo / utils
  Different DFIR and CTI utilities
  ☆37Updated 5 years ago