Alternatives and similar repositories for DFIRLab:

Users that are interested in DFIRLab are comparing it to the libraries listed below

• pr0xylife / Emotet
  IOC Collection 2022
  ☆56Updated last year
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆73Updated 10 months ago
• xophidia / DFIR_Linux_Collector
  The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…
  ☆30Updated 2 years ago
• hejelylab / easeYARA
  C# Desktop GUI application that either performs YARA scan locally or prepares the scan in Active Directory domain environment with a few …
  ☆32Updated 3 years ago
• herbiezimmerman / Windows-Event-Logs-With-Event-IDs
  A running list of Windows sources and the related event ids.
  ☆19Updated last year
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆50Updated last year
• SentineLabs / SentinelLabs_RevCore_Tools
  The Windows Malware Analysis Reversing Core Tools
  ☆90Updated 4 years ago
• fboldewin / YARA_Detection_Engineering
  Detection Engineering with YARA
  ☆87Updated last year
• Neo23x0 / YARA-Style-Guide
  A specification and style guide for YARA rules
  ☆44Updated 11 months ago
• Neo23x0 / yaraQA
  YARA rule analyzer to improve rule quality and performance
  ☆96Updated last month
• invoke-eric / jupyter
  Jupyter Notebooks for Cyber Threat Intelligence
  ☆35Updated last year
• svch0stz / velociraptor-detections
  ☆20Updated 2 years ago
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆75Updated last year
• alwashali / detection-validation
  Detection rule validation
  ☆41Updated last year
• BinaryDefense / YaraMemoryScanner
  Simple PowerShell script to enable process scanning with Yara.
  ☆91Updated 2 years ago
• keydet89 / Events-Ripper
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆82Updated last week
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆71Updated 4 months ago
• Sam0x90 / CTI
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆81Updated 9 months ago
• g-les / 100DaysofYARA
  100 Days of YARA to be updated with rules & ideas as the year progresses
  ☆58Updated 2 years ago
• CyberCX-DFIR / usnjrnl_rewind
  USN Journal full path builder
  ☆54Updated 4 months ago
• jstrosch / subcrawl
  SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…
  ☆50Updated last month
• kacos2000 / Prefetch-Browser
  Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
  ☆59Updated last month
• QueenSquishy / plague
  Default Detections for EDR
  ☆96Updated 11 months ago
• cudeso / dfir-iris-misp-timesketch
  Scripts to integrate DFIR-IRIS, MISP and TimeSketch
  ☆33Updated 2 years ago
• hpthreatresearch / tools
  Scripts and tools accompanying HP Threat Research blog posts and reports.
  ☆50Updated 9 months ago
• mandiant / gootloader
  Collection of scripts used to deobfuscate GOOTLOADER malware samples.
  ☆60Updated last month
• The-DFIR-Report / Yara-Rules
  ☆64Updated last week
• intelliroot-tech / InjectedCodeHunter
  “Intelliroot Code Injection Hunter” is a tool that can to help you identify injected malicious code. The tool can identify and extract po…
  ☆15Updated 2 years ago
• CrowdStrike / xwf-yara-scanner
  ☆85Updated 11 months ago
• JPCERTCC / jpcert-yara
  JPCERT/CC public YARA rules repository
  ☆106Updated last month