Alternatives and similar repositories for DFIR-Resources

Users that are interested in DFIR-Resources are comparing it to the libraries listed below

• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆57Updated 3 years ago
• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆78Updated 4 years ago
• nasbench / Eventlog_Compendium
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆48Updated 4 months ago
• op7ic / Cloud-Investigate
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆39Updated last year
• PacktPublishing / Incident-Response-with-Threat-Intelligence
  Incident Response with Threat Intelligence, published by Packt
  ☆53Updated last year
• TactiKoolSec / OTHF
  Open Threat Hunting Framework
  ☆118Updated 2 years ago
• securityjoes / ForensicMiner
  A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
  ☆157Updated 5 months ago
• dfircheatsheet / dfircheatsheet.github.io
  ☆67Updated 2 years ago
• OMENScan / AChoirX
  ReWrite of AChoir in Go for Cross Platform
  ☆41Updated 2 weeks ago
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆35Updated 4 months ago
• CyberDefend3r / PowerShell-Deobfuscation-Exercise
  An exercise to practice deobfuscating PowerShell Scripts.
  ☆26Updated 2 years ago
• svch0stz / TheThreatHuntLibrary
  Library of threat hunts to get any user started!
  ☆45Updated 5 years ago
• cmdshiftd / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 7 months ago
• curated-intel / MOVEit-Transfer
  A repository for tracking events related to the MOVEit Transfer Cl0p Campaign
  ☆71Updated 2 years ago
• gmagklaras / POFR
  Penguin OS Forensic (or Flight) Recorder
  ☆40Updated 8 months ago
• HuskyHacks / blue-jupyter
  Jupyter Notebooks for the Blue Team
  ☆36Updated 8 months ago
• securityjoes / Crowdstrike-Deploy
  The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆24Updated last month
• blueteam0ps / memOptix
  A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.
  ☆97Updated 2 years ago
• dwmetz / MalChela
  A YARA & Malware Analysis Toolkit written in Rust.
  ☆48Updated last month
• docker-forensics-toolkit / toolkit
  A toolkit for the post-mortem examination of Docker containers from forensic HDD copies
  ☆105Updated last year
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆45Updated last year
• Bert-JanP / Domain-Response
  Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…
  ☆49Updated 3 weeks ago
• mthcht / ThreatHunting-Keywords-sigma-rules
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆56Updated 6 months ago
• Neo23x0 / Talks
  Slides of my public talks
  ☆56Updated last year
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆69Updated 2 years ago
• BushidoUK / MITRE-Mappings
  A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.
  ☆26Updated 5 months ago
• McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
  Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…
  ☆12Updated 3 years ago
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆88Updated 2 years ago
• dfir-scripts / siftgrab
  ☆68Updated last month
• splunk / PEAK
  Security Content for the PEAK Threat Hunting Framework
  ☆34Updated last year