marcurdy/dfir-toolset external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

marcurdy/dfir-toolset

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/marcurdy/dfir-toolset)

Close

marcurdy / dfir-toolsetView on GitHubMore

• External links
• Readme badge

Dump of organized knowledge on DFIR

☆137Oct 4, 2021Updated 4 years ago

Alternatives and similar repositories for dfir-toolset

Users that are interested in dfir-toolset are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MatthewClarkMay / fTriage

  View on GitHub
  Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  ☆21Mar 12, 2019Updated 7 years ago
• jipegit / IRNotes

  View on GitHub
  Some IR notes
  ☆73Jul 23, 2016Updated 9 years ago
• orlikoski / CDQR

  View on GitHub
  The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…
  ☆343Jun 25, 2022Updated 3 years ago
• keydet89 / Tools

  View on GitHub
  Tools from WFA 4/e, timeline tools, etc.
  ☆145Feb 29, 2024Updated 2 years ago
• forensicmatt / PancakeViewer

  View on GitHub
  A DFVFS Backed Forensic Viewer
  ☆42Apr 13, 2020Updated 6 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• theflakes / reg_hunter

  View on GitHub
  Blueteam operational triage registry hunting/forensic tool.
  ☆148Sep 2, 2025Updated 8 months ago
• williballenthin / process-forest

  View on GitHub
  Reconstruct process trees from event logs
  ☆148Aug 12, 2020Updated 5 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• PoorBillionaire / Windows-Prefetch-Carver

  View on GitHub
  Carve Windows Prefetch files from arbitrary binary data
  ☆16Jun 11, 2017Updated 8 years ago
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆348May 7, 2024Updated last year
• keithjjones / visualize_logs

  View on GitHub
  A Python library and command line tools to provide interactive log visualization.
  ☆145Dec 27, 2022Updated 3 years ago
• opensourcesec / CIRTKit

  View on GitHub
  Tools for the Computer Incident Response Team
  ☆150Apr 17, 2017Updated 9 years ago
• Jrotenberger / Powershell-IR-Scripts

  View on GitHub
  ☆39Jun 28, 2019Updated 6 years ago
• daguy666 / Transit

  View on GitHub
  MacOS incident Response Toolkit. Mostly written while stuck on a NJTransit train.
  ☆20Feb 20, 2020Updated 6 years ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆506Oct 21, 2022Updated 3 years ago
• Invoke-IR / ForensicPosters

  View on GitHub
  ☆454Nov 21, 2024Updated last year
• MHaggis / sysmon-dfir

  View on GitHub
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆940Dec 12, 2023Updated 2 years ago
• moxilo / mac-osx-forensics

  View on GitHub
  Mac osx forensics tools
  ☆12Nov 28, 2020Updated 5 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• sbousseaden / Slides

  View on GitHub
  Misc Threat Hunting Resources
  ☆378Jan 26, 2023Updated 3 years ago
• ANSSI-FR / DFIR4vSphere

  View on GitHub
  Powershell module for VMWare vSphere forensics
  ☆173Nov 8, 2024Updated last year
• iSIGHTPartners / macaroni_extension

  View on GitHub
  A browser extension that seamlessly integrates your yara match notifications into VirusTotal Intelligence.
  ☆17Feb 8, 2015Updated 11 years ago
• ThreatResponse / threatresponse_web

  View on GitHub
  Web based analysis platform for use with the AWS_IR command line tool.
  ☆17Aug 4, 2016Updated 9 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• Maboalenen / DFIR

  View on GitHub
  Incident response teams usually working on the offline data, collecting the evidence, then analyze the data
  ☆47Jan 2, 2022Updated 4 years ago
• certsocietegenerale / IRM-deprecated

  View on GitHub
  Incident Response Methodologies
  ☆1,017Aug 2, 2018Updated 7 years ago
• chaoticmachinery / mass_triage_tools

  View on GitHub
  Mass Triage Tools
  ☆20Mar 10, 2026Updated last month
• open-nsm / meetings

  View on GitHub
  Meeting notes
  ☆14Apr 5, 2016Updated 10 years ago
• yampelo / beagle

  View on GitHub
  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
  ☆1,345Dec 13, 2022Updated 3 years ago
• airbus-cert / regrippy

  View on GitHub
  A modern Python-3-based alternative to RegRipper
  ☆213Mar 31, 2025Updated last year
• devgc / EventMonkey

  View on GitHub
  A Windows Event Processing Utility
  ☆47Feb 21, 2018Updated 8 years ago
• AnttiKurittu / kirjuri

  View on GitHub
  Kirjuri is a web application for managing cases and physical forensic evidence items.
  ☆108May 7, 2021Updated 4 years ago
• pstirparo / utils

  View on GitHub
  Different DFIR and CTI utilities
  ☆39May 13, 2020Updated 5 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• cyb3rfox / Aurora-Incident-Response

  View on GitHub
  Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
  ☆1,070Oct 5, 2023Updated 2 years ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• ydkhatri / mac_apt

  View on GitHub
  macOS (& ios) Artifact Parsing Tool
  ☆1,035Mar 27, 2026Updated last month
• davidpany / WMI_Forensics

  View on GitHub
  ☆312Aug 14, 2020Updated 5 years ago
• kevthehermit / VolUtility

  View on GitHub
  Web App for Volatility framework
  ☆386Jan 13, 2026Updated 3 months ago
• JPCERTCC / aa-tools

  View on GitHub
  Artifact analysis tools by JPCERT/CC Analysis Center
  ☆462Aug 14, 2025Updated 8 months ago
• Foundstone / InvestigationPlaybookSpec

  View on GitHub
  InvestigationPlaybookSpec
  ☆71Sep 26, 2017Updated 8 years ago