Alternatives and similar repositories for SANS-DFIR-2017

Users that are interested in SANS-DFIR-2017 are comparing it to the libraries listed below

• maltiverse / python-maltiverse
  API wrapper for Maltiverse
  ☆18Updated 8 months ago
• cmatthewbrooks / pyiocutils
  A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).
  ☆17Updated 6 years ago
• Silv3rHorn / autoripy
  Attempt to replicate the functions of auto_rip by Corey Harrell in Python.
  ☆13Updated 10 months ago
• bostonlink / bitcoin-explorer
  Maltego local transform that parses the Bitcoin Blockchain (blockexplorer.com) and creates Maltego graphs based on bitcoin wallet address…
  ☆38Updated 10 years ago
• egaus / malicious_url_analysis
  ☆18Updated 7 years ago
• yarox24 / evtkit
  Fix acquired .evt - Windows Event Log files (Forensics)
  ☆19Updated 9 years ago
• dougiep16 / actortrackr
  Home to the ActorTrackr source code
  ☆24Updated 8 years ago
• jonstewart / Sifter
  Indexed search and clustering tool for digital forensics
  ☆25Updated 10 years ago
• notx11 / urlScan2Hive
  Triage automation for suspect URLs
  ☆13Updated 5 years ago
• JWWeatherman / bitcoin_security_threat_model
  ☆76Updated 2 years ago
• kristovatlas / address-reuse-tracker
  Maintains stats on address reuse in Bitcoin network, displays charts
  ☆24Updated 9 years ago
• thnyheim / misp2bro
  Python script that gets IOC from MISP and converts it into BRO intel files.
  ☆13Updated 9 years ago
• jalewis / actortrackr
  Home to the ActorTrackr source code
  ☆29Updated 7 years ago
• mitchellkrogza / Badd-Boyz-Bitcoin-Scammers
  A list of bitcoin addresses being used in Ransomware and Sextortion Scams
  ☆15Updated 3 years ago
• AlienVault-OTX / ThreatCrowd-Maltego
  Maltego transforms for the ThreatCrowd search API
  ☆49Updated 7 years ago
• daguy666 / Transit
  MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.
  ☆20Updated 5 years ago
• gcrahay / otx_misp
  Imports Alienvault OTX pulses to a MISP instance
  ☆53Updated 3 years ago
• PaulSec / Shodan-mattermost
  Mattermost - Shodan Slash command
  ☆31Updated 8 years ago
• kidcrash22 / Sysmon-Threat-Intel
  ☆13Updated 7 years ago
• csirtgadgets / verbose-robot
  The Fastest way to consume Threat Intel
  ☆25Updated 3 years ago
• WeaverHeavy / Threat-Intelligence-Tradecraft
  ☆27Updated 7 years ago
• MISP / misp-vagrant
  Deploy MISP Project software with Vagrant.
  ☆43Updated 5 years ago
• mdegrazia / OnionPeeler
  Python script to batch query the Tor Relays and Bridges
  ☆36Updated 6 years ago
• opendns / investigate-examples
  Coding examples for the OpenDNS Investigate API
  ☆24Updated 5 years ago
• markedoe / cuckoo-sandbox
  cuckoo sandbox patches and scripts
  ☆15Updated 11 years ago
• obsidianforensics / scripts
  Small scripts and POCs related to digital forensics
  ☆17Updated 2 years ago
• ExabeamLabs / Synopsis
  Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.
  ☆21Updated 6 years ago
• jaegeral / osint_to_timesketch
  Virustotal Data to Timesketch
  ☆17Updated 6 years ago
• jipegit / FECT
  Fast Evidence Collector Toolkit is an incident response toolkit to collect evidences on a suspicious windows computer
  ☆42Updated 4 years ago
• UNIT777 / Email2TheHive
  This package allows for creating alerts in The Hive from emails retrieved from a Microsoft Exchange mailbox.
  ☆12Updated 7 years ago