GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.
☆196Aug 12, 2024Updated last year
Alternatives and similar repositories for GeoLogonalyzer
Users that are interested in GeoLogonalyzer are comparing it to the libraries listed below
Sorting:
- Bro PCAP Processing and Tagging API☆28Nov 9, 2017Updated 8 years ago
- IR-Tools - PowerShell tools for IR☆130Jul 10, 2017Updated 8 years ago
- Automated forensics written in PowerShell☆34Sep 29, 2019Updated 6 years ago
- Site for IWS book content☆17Oct 28, 2018Updated 7 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- Scripts and code referenced in CrowdStrike blog posts☆337Nov 13, 2019Updated 6 years ago
- Automated Memory Forensic☆34Jul 18, 2018Updated 7 years ago
- Carve NTFS USN records from binary data☆27May 21, 2017Updated 8 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- ☆53May 21, 2018Updated 7 years ago
- The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.☆13Sep 9, 2020Updated 5 years ago
- SubShell is a python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interfa…☆75Nov 6, 2016Updated 9 years ago
- misc scripts☆35Oct 23, 2018Updated 7 years ago
- pure Python binary analysis framework☆23Oct 26, 2018Updated 7 years ago
- Python script to decode common encoded PowerShell scripts☆217Jun 13, 2018Updated 7 years ago
- A Yara rule generator for finding related samples and hunting☆162Sep 11, 2022Updated 3 years ago
- Network Forensics Workshop Files☆17Apr 21, 2015Updated 10 years ago
- TIH is an intelligence tool that helps you in searching for IOCs across multiple openly available security feeds and some well known APIs…☆157Jun 13, 2025Updated 8 months ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- ☆432May 3, 2023Updated 2 years ago
- Network detector for Winnti malware☆21Mar 6, 2018Updated 7 years ago
- ☆82Jul 5, 2016Updated 9 years ago
- Office365 Log Analysis Framework☆81Jun 6, 2019Updated 6 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,428Nov 16, 2023Updated 2 years ago
- Investigate suspicious activity by visualizing Sysmon's event log☆431Dec 22, 2023Updated 2 years ago
- ☆399Jan 7, 2026Updated last month
- A WebDAV PROPFIND covert channel to deliver payloads☆52Nov 14, 2017Updated 8 years ago
- onigiri - remote malware triage script☆24Nov 5, 2015Updated 10 years ago
- ☆280Apr 6, 2023Updated 2 years ago
- ☆524Aug 11, 2023Updated 2 years ago
- DeepToad is a library and a tool to clusterize similar files using fuzzy hashing☆20Apr 5, 2020Updated 5 years ago
- ☆309Aug 14, 2020Updated 5 years ago
- Term concordances for each course in the SANS DFIR curriculum. Used for automated index generation.☆69Aug 7, 2020Updated 5 years ago
- QEMU with rVMI extensions☆25Jul 25, 2017Updated 8 years ago
- Tools from WFA 4/e, timeline tools, etc.☆145Feb 29, 2024Updated 2 years ago
- ELK configuration files for Forensic Analysts and Incident Handlers (unmaintained)☆179Jul 10, 2019Updated 6 years ago
- ☆262Jul 6, 2018Updated 7 years ago
- Online hash checker for Virustotal and other services☆846Mar 21, 2025Updated 11 months ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago