Alternatives and similar repositories for artifacts

Users that are interested in artifacts are comparing it to the libraries listed below

• log2timeline / dftimewolf
  A framework for orchestrating forensic collection, processing and data export
  ☆341Updated 2 weeks ago
• mark-hallman / plaso_filters
  Scripts to facilitate filtering with Plaso
  ☆128Updated 5 years ago
• carbonblack / cbfeeds
  Carbon Black Feeds
  ☆73Updated 2 years ago
• syloktools / MISP-QRADAR-REFERENCE-SET-BUILDER
  Pulls IOCs from MISP and adds the to reference sets in QRadar
  ☆34Updated 2 years ago
• dlcowen / sansfor509
  Public script from SANS FOR509 Enterprise Cloud Incident Response
  ☆218Updated 3 months ago
• strozfriedberg / greppin-logs
  2021 SANS DFIR Summit: Greppin' Logs
  ☆20Updated 3 months ago
• MISP / misp-book
  User guide of MISP
  ☆283Updated last year
• redcanaryco / surveyor
  A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
  ☆255Updated 10 months ago
• MalwareArchaeology / ARTHIR
  ATT&CK Remote Threat Hunting Incident Response
  ☆206Updated last year
• EricZimmerman / Get-ZimmermanTools
  Get all my software
  ☆186Updated last month
• inodee / threathunting-spl
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆289Updated 2 years ago
• EricZimmerman / SQLECmd
  ☆58Updated 2 weeks ago
• mbevilacqua / appcompatprocessor
  "Evolving AppCompat/AmCache data analysis beyond grep"
  ☆209Updated 4 years ago
• megan201296 / gsuite-dfir
  ☆42Updated 5 years ago
• EricZimmerman / ericzimmerman.github.io
  Software downloads
  ☆109Updated 9 months ago
• marcurdy / dfir-toolset
  Dump of organized knowledge on DFIR
  ☆138Updated 4 years ago
• blueteam0ps / AllthingsTimesketch
  This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.
  ☆118Updated 2 years ago
• orlikoski / CDQR
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆344Updated 3 years ago
• ReconInfoSec / velociraptor-to-timesketch
  ☆14Updated last year
• MarkBaggett / freq
  This is a repository for freq.py and freq_server.py
  ☆214Updated last week
• williballenthin / INDXParse
  Tool suite for inspecting NTFS artifacts.
  ☆225Updated 2 years ago
• apger / SA-RBA
  Risk Based Alerting Supporting Add-On (SA) for Splunk
  ☆44Updated 4 years ago
• bk-cs / rtr
  Real-time Response scripts and schema
  ☆122Updated 3 months ago
• d3sre / Use_Case_Applicability
  Security Monitoring Resolution Categories
  ☆138Updated 4 years ago
• carbonblack / cbapi-python
  Carbon Black API - Python language bindings
  ☆145Updated last year
• MarkBaggett / ese-analyst
  This is a set of tools for doing forensics analysis on Microsoft ESE databases.
  ☆128Updated 4 years ago
• abrignoni / DFIR-SQL-Query-Repo
  Collection of SQL query templates for digital forensics use by platform and application.
  ☆111Updated 4 years ago
• TazWake / Public
  Collection of scripts provided for public use
  ☆39Updated last week
• phantomcyber / phantom-apps
  Phantom Apps Repo
  ☆82Updated 4 years ago
• sans-blue-team / freq.py
  Mark Baggett's (@MarkBaggett - GSE #15, SANS SEC573 Author) tool for detecting randomness using NLP techniques rather than pure entropy c…
  ☆129Updated 3 years ago