log2timeline / dftimewolf
A framework for orchestrating forensic collection, processing and data export
☆297Updated last week
Related projects ⓘ
Alternatives and complementary repositories for dftimewolf
- User guide of MISP☆257Updated last month
- DFIRTrack - The Incident Response Tracking Application☆482Updated 2 months ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆491Updated 2 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆181Updated this week
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆333Updated 2 years ago
- Collecting & Hunting for IOCs with gusto and style☆238Updated 3 years ago
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system☆268Updated 3 weeks ago
- Modules for expansion services, enrichment, import and export in MISP and other tools.☆344Updated last week
- ATT&CK Remote Threat Hunting Incident Response☆198Updated 5 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆363Updated 2 years ago
- ☆168Updated 4 months ago
- MISP trainings, threat intel and information sharing training materials with source code☆387Updated last month
- AutoMacTC: Automated Mac Forensic Triage Collector☆529Updated 2 years ago
- CyLR - Live Response Collection Tool☆641Updated 2 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆197Updated 3 years ago
- Documentation of Cortex☆170Updated last year
- SIEGMA - Transform Sigma rules into SIEM consumables☆141Updated last year
- 1-Click push forensics evidence to the cloud☆139Updated 4 months ago
- Dump of organized knowledge on DFIR☆132Updated 3 years ago
- CASCADE Server☆264Updated last year
- Python API Client for TheHive☆218Updated this week
- Automation and Scaling of Digital Forensics Tools☆749Updated this week
- Repository of YARA rules made by Trellix ATR Team☆569Updated 10 months ago
- A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook.☆237Updated 3 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆266Updated 9 months ago
- Live forensic artifacts collector☆160Updated 4 months ago
- A curated list of awesome things related to TheHive & Cortex☆172Updated 3 years ago
- Cortex Analyzers Repository☆433Updated this week
- Sigma rules from Joe Security☆203Updated this week
- ☆273Updated last year