Alternatives and similar repositories for dfirt

Users that are interested in dfirt are comparing it to the libraries listed below

• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• AndrewRathbun / DFIRMindMaps

  View on GitHub
  A repository of DFIR-related Mind Maps geared towards the visual learners!
  ☆551Sep 2, 2022Updated 3 years ago
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆861Jan 20, 2022Updated 4 years ago
• dwmetz / Axiom-PowerShell

  View on GitHub
  PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
  ☆12Aug 26, 2024Updated last year
• cclgroupltd / chrome-profile-view

  View on GitHub
  Python web app for previewing data in a Chrome Profile Folder
  ☆23Jul 1, 2024Updated last year
• stuhli / awesome-event-ids

  View on GitHub
  Collection of Event ID ressources useful for Digital Forensics and Incident Response
  ☆643Jun 19, 2024Updated last year
• jklepsercyber / defender-detectionhistory-parser

  View on GitHub
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆116Jan 26, 2022Updated 4 years ago
• AndrewRathbun / EventTranscript.db-Research

  View on GitHub
  A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
  ☆43Jul 18, 2022Updated 3 years ago
• ignacioj / mftf

  View on GitHub
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆38Jul 18, 2024Updated last year
• paladin316 / ThreatHunting

  View on GitHub
  This repo is where I store my Threat Hunting ideas/content
  ☆87May 9, 2023Updated 2 years ago
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆790Oct 29, 2022Updated 3 years ago
• securityjoes / ForensicMiner

  View on GitHub
  A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
  ☆162Apr 6, 2025Updated 10 months ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Aug 15, 2021Updated 4 years ago
• last-byte / PersistenceSniper

  View on GitHub
  Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…
  ☆2,048Dec 11, 2024Updated last year
• ahmedkhlief / APT-Hunter

  View on GitHub
  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …
  ☆1,400Nov 7, 2024Updated last year
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Aug 6, 2022Updated 3 years ago
• ANSSI-FR / DFIR4vSphere

  View on GitHub
  Powershell module for VMWare vSphere forensics
  ☆158Nov 8, 2024Updated last year
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆134Jan 31, 2022Updated 4 years ago
• stuxnet999 / EventTranscriptParser

  View on GitHub
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆68Sep 13, 2023Updated 2 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆264Nov 25, 2023Updated 2 years ago
• kev365 / ToolFetcher

  View on GitHub
  A tool for fetching DFIR and other GitHub tools.
  ☆25Aug 2, 2025Updated 6 months ago
• idnahacks / GoodHound

  View on GitHub
  Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
  ☆482Jul 9, 2024Updated last year
• nasbench / MindMaps

  View on GitHub
  #ThreatHunting #DFIR #Malware #Detection Mind Maps
  ☆306Nov 13, 2021Updated 4 years ago
• CyberCX-DFIR / usnjrnl_rewind

  View on GitHub
  USN Journal full path builder
  ☆65Sep 16, 2024Updated last year
• cmdaltr / elrond

  View on GitHub
  Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
  ☆32Nov 23, 2025Updated 2 months ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• dfirtrack / dfirtrack

  View on GitHub
  DFIRTrack - The Incident Response Tracking Application
  ☆532Jan 13, 2026Updated last month
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated 11 months ago
• JPCERTCC / jpcert-yara

  View on GitHub
  JPCERT/CC public YARA rules repository
  ☆108Nov 14, 2025Updated 3 months ago
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,440Oct 12, 2025Updated 4 months ago
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 3 years ago
• svch0stz / TheThreatHuntLibrary

  View on GitHub
  Library of threat hunts to get any user started!
  ☆48Sep 4, 2020Updated 5 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆780Updated this week
• LETHAL-FORENSICS / Collect-MemoryDump

  View on GitHub
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆252Oct 29, 2025Updated 3 months ago
• optiv / Go365

  View on GitHub
  An Office365 User Attack Tool
  ☆645Mar 19, 2024Updated last year
• nov3mb3r / trident

  View on GitHub
  A PowerShell incident response script for quick triage
  ☆81Jul 18, 2022Updated 3 years ago
• kacos2000 / Win10LiveInfo

  View on GitHub
  Windows 10 Live Information viewer
  ☆37Jan 27, 2022Updated 4 years ago