Alternatives and similar repositories for DFIR-Resources

Users that are interested in DFIR-Resources are comparing it to the libraries listed below

• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆78Updated 3 years ago
• curated-intel / attack-lookup
  A MITRE ATT&CK Lookup Tool
  ☆45Updated last year
• securityjoes / Crowdstrike-Deploy
  The ultimate repository for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.
  ☆24Updated last month
• stuxnet999 / volatility-binaries
  Contains compiled binaries of Volatility
  ☆34Updated last month
• ANSSI-FR / orc2timeline
  orc2timeline extracts and analyzes artifacts contained in archives generated with DFIR-ORC.exe to create a timeline from them
  ☆33Updated last month
• McL0vinn / Windows-Forensic-Examination-and-Threat-Hunting
  Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…
  ☆11Updated 2 years ago
• archanchoudhury / Threat-Hunting
  This Repository gives the best and possible strategies against hunting the ransomware
  ☆26Updated 2 years ago
• CyberSecurityUP / Adversary-Emulation-Guide
  ☆21Updated 2 years ago
• silascutler / awesome-docker-malware-analysis
  Repository of tools and resources for analyzing Docker containers
  ☆66Updated last year
• magicsword-io / LOLBASline
  Baseline a Windows System against LOLBAS
  ☆27Updated last year
• mattreduce / cti-self-study
  Track progress and keep notes while working through likethecoins' CTI Self Study Plan
  ☆28Updated 2 years ago
• jgasmussen / Linux-Baseline-and-Forensic-Triage-Tool
  Linux Baseline and Forensic Triage Tool - BETA
  ☆55Updated 2 years ago
• cmdshiftd / elrond
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆31Updated 4 months ago
• nasbench / Eventlog_Compendium
  The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.
  ☆45Updated 2 months ago
• strozfriedberg / qelp
  Quick ESXi Log Parser
  ☆22Updated 5 months ago
• paladin316 / ThreatHunting
  This repo is where I store my Threat Hunting ideas/content
  ☆88Updated 2 years ago
• OMENScan / AChoirX
  ReWrite of AChoir in Go for Cross Platform
  ☆41Updated 4 months ago
• op7ic / Cloud-Investigate
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆39Updated last year
• moshekaplan / awesome-SOC-appliances
  A curated list of FOSS software appliances for building a SOC
  ☆18Updated 4 years ago
• BlackPerl-DFIR / IR-Cheatsheets
  This Repository consists all Public Cheatsheets created by BlackPerl DFIR Content Team
  ☆19Updated 8 months ago
• 100DaysofYARA / 2025
  Rules shared by the community from 100 Days of YARA 2025
  ☆33Updated 5 months ago
• HillsyCyberSec / CheatSheet
  ☆10Updated 10 months ago
• Velocidex / cloudvelo
  An experimental Velociraptor implementation using cloud infrastructure
  ☆25Updated this week
• CERT-EDF / generaptor
  CLI generator for Velociraptor offline collector
  ☆10Updated 9 months ago
• gmagklaras / POFR
  Penguin OS Forensic (or Flight) Recorder
  ☆40Updated 6 months ago
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆69Updated last year
• gsiddharth29 / Threat-Hunting
  Threat Hunt Investigation Methodology and Procedure
  ☆15Updated 2 years ago
• HuskyHacks / MalAPIReader
  Reads and prints information from the website MalAPI.io
  ☆38Updated 3 years ago
• mattnotmax / DFIR-notes
  Random notes collected on the intertubes relating to DFIR
  ☆34Updated 2 years ago
• krdmnbrk / atomicgen.io
  A simple tool designed to create Atomic Red Team tests with ease.
  ☆44Updated 3 months ago