joachimmetz / artifactsLinks
ForensicArtifacts.com Artifact Repository
☆11Updated 5 months ago
Alternatives and similar repositories for artifacts
Users that are interested in artifacts are comparing it to the libraries listed below
Sorting:
- 2021 SANS DFIR Summit: Greppin' Logs☆20Updated 3 years ago
- ☆52Updated this week
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆80Updated last year
- Get all my software☆159Updated last month
- A framework for orchestrating forensic collection, processing and data export☆319Updated this week
- Different DFIR and CTI utilities☆37Updated 5 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆201Updated 8 months ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆56Updated last month
- ☆7Updated 7 months ago
- Scripts to facilitate filtering with Plaso☆125Updated 5 years ago
- Library of functions to apply Data Science in several forensics artifacts☆38Updated 9 months ago
- Tools from WFA 4/e, timeline tools, etc.☆141Updated last year
- ATT&CK Remote Threat Hunting Incident Response☆200Updated 6 months ago
- This is a set of tools for doing forensics analysis on Microsoft ESE databases.☆125Updated 3 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆216Updated 2 months ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆205Updated 3 years ago
- Library of python scripts to apply Data Science in several forensics artifacts☆31Updated 4 years ago
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆163Updated 6 months ago
- Documentation repository☆46Updated 9 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆111Updated 5 years ago
- A curated list of KAPE-related resources☆168Updated last month
- Dump of organized knowledge on DFIR☆134Updated 3 years ago
- ☆42Updated 4 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆73Updated last year
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆42Updated 2 years ago
- Carbon Black Feeds☆72Updated 2 years ago
- Example programs used in the automating DFIR series☆63Updated 6 years ago
- Security Monitoring Resolution Categories☆138Updated 3 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers.☆165Updated 6 years ago
- A Splunk app to use MISP in background☆110Updated last week