Alternatives and similar repositories for DFIR-Resources

Users that are interested in DFIR-Resources are comparing it to the libraries listed below

• cyberg3cko / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 3 months ago
• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆25Updated this week
• securityjoes / Crowdstrike-Deploy
  The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆23Updated 2 weeks ago
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆55Updated 2 years ago
• magicsword-io / LOLBASline
  Baseline a Windows System against LOLBAS
  ☆27Updated last year
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆45Updated last year
• CERT-EDF / generaptor
  CLI generator for Velociraptor offline collector
  ☆9Updated 8 months ago
• JPMinty / Detection_Engineering_Signatures
  YARA, SIGMA, SNORT Rules based on Malware Analysis
  ☆16Updated 3 weeks ago
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆55Updated 2 months ago
• op7ic / Cloud-Investigate
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆39Updated last year
• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆33Updated 2 weeks ago
• mattnotmax / DFIR-notes
  Random notes collected on the intertubes relating to DFIR
  ☆32Updated last year
• surya4n6 / dc29-btv-2021
  ☆15Updated 3 years ago
• OMENScan / AChoirX
  ReWrite of AChoir in Go for Cross Platform
  ☆41Updated 2 months ago
• archanchoudhury / Threat-Hunting
  This Repository gives the best and possible strategies against hunting the ransomware
  ☆26Updated 2 years ago
• nasbench / Eventlog_Compendium
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆42Updated 3 weeks ago
• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆77Updated 3 years ago
• BushidoUK / MITRE-Mappings
  A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.
  ☆24Updated last month
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆87Updated 2 years ago
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆33Updated 3 months ago
• jstrosch / subcrawl
  SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…
  ☆51Updated 5 months ago
• Sam0x90 / CB-Threat-Hunting
  CarbonBlack EDR detection rules and response actions
  ☆71Updated 8 months ago
• gajos112 / Digital-Forensics
  ☆38Updated 3 years ago
• strozfriedberg / qelp
  Quick ESXi Log Parser
  ☆19Updated 4 months ago
• svch0stz / velociraptor-detections
  ☆21Updated 2 years ago
• blacklanternsecurity / sigma-rules
  A collection of Sigma rules organized by MITRE ATT&CK technique
  ☆17Updated 3 years ago
• dwmetz / MalChela
  A YARA & Malware Analysis Toolkit written in Rust.
  ☆30Updated this week
• kev365 / ToolFetcher
  A tool for fetching DFIR and other GitHub tools.
  ☆23Updated last week
• Lyc4on / EvtXHunt
  EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
  ☆16Updated 3 years ago
• bittib010 / AjourVolAutolity
  A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.
  ☆16Updated 5 months ago