Random notes collected on the intertubes relating to DFIR
☆35, Jun 26, 2023, updated 2 years ago
Alternatives and similar repositories for DFIR-notes
Users that are interested in DFIR-notes are comparing it to the libraries listed below
- Lazy SPL to detect Spring4Shell exploitation (☆12, Jul 8, 2022, updated 3 years ago)
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging. (☆21, Nov 13, 2022, updated 3 years ago)
- Jupyter Notebooks for Digital Forensics & Incident Response (☆10, Nov 23, 2021, updated 4 years ago)
- Anteater is Reconnaissance tool for discovering interesting files and folders in a web application that most likely has been misconfigure… (☆13, Jun 12, 2024, updated last year)
- GUI for regripper (☆11, Mar 19, 2019, updated 6 years ago)
- ☆13, Mar 12, 2022, updated 3 years ago
- Download images from URLs within a CSV (☆13, Jan 6, 2021, updated 5 years ago)
- Web scraping | Website cloner | Path Traversal Scanner (☆16, Sep 27, 2025, updated 5 months ago)
- Field guide to gather low-hanging fruits (☆14, Mar 20, 2025, updated 11 months ago)
- Collection of scripts / samples / snippits around the community service at www.filescan.io (☆17, Nov 6, 2025, updated 3 months ago)
- ☆15, Jan 10, 2019, updated 7 years ago
- macOS Artifact Intelligence Tool (☆13, Apr 30, 2019, updated 6 years ago)
- Just Another broken Registry Parser (JARP) (☆16, May 23, 2024, updated last year)
- Forensic cheatsheets for use with cheat (☆15, Dec 2, 2021, updated 4 years ago)
- Penguin OS Forensic (or Flight) Recorder (☆40, Dec 25, 2024, updated last year)
- Blueteam operational triage registry hunting/forensic tool. (☆149, Sep 2, 2025, updated 5 months ago)
- A forensic analysis framework for enumerating slack artifacts residing in the operating system. (☆18, Sep 23, 2025, updated 5 months ago)
- Registry Miner (☆14, Apr 10, 2018, updated 7 years ago)
- Miscellaneous Scripts (☆17, Sep 11, 2020, updated 5 years ago)
- Automated Memory Forensic (☆34, Jul 18, 2018, updated 7 years ago)
- Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey! (☆51, Jan 9, 2026, updated last month)
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix (☆74, Jan 26, 2022, updated 4 years ago)
- A config file that's curated for DFIR examiners with shortcuts to common Windows artifacts and settings enabled that help make your life … (☆39, Jan 6, 2025, updated last year)
- Update of Huron, a Linux distro for OSINT (☆21, Jul 30, 2019, updated 6 years ago)
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db. (☆43, Jul 18, 2022, updated 3 years ago)
- Carves and recreates VSS catalog and store from Windows disk image. (☆99, Jan 24, 2023, updated 3 years ago)
- Some important DFIR Resources (☆84, Mar 16, 2023, updated 2 years ago)
- Various tools and scripts (☆43, Nov 30, 2022, updated 3 years ago)
- Tools from WFA 4/e, timeline tools, etc. (☆145, Feb 29, 2024, updated 2 years ago)
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory! (☆21, Aug 23, 2024, updated last year)
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images. (☆21, Mar 12, 2019, updated 6 years ago)
- ☆25, Jul 23, 2024, updated last year
- Extracts fields from zeek logs, compatible with zeek-cut (☆26, Jul 10, 2024, updated last year)
- Dump of organized knowledge on DFIR (☆138, Oct 4, 2021, updated 4 years ago)
- Regular Expressions List used in Digital Forensic Tasks (☆94, Feb 20, 2025, updated last year)
- Gmail URL Decoder is an Open Source Python tool that can be used against plaintext or arbitrary raw data files in order to find, extract,… (☆63, Nov 25, 2019, updated 6 years ago)
- Enumeration & fingerprint tool (☆23, Mar 3, 2024, updated last year)
- macOS triage is a python script to collect various macOS logs, artifacts, and other data. (☆25, Mar 25, 2021, updated 4 years ago)
- Hunt for SQLite files used by various applications (☆30, Jan 31, 2026, updated last month)