Alternatives and similar repositories for CDQR

Users that are interested in CDQR are comparing it to the libraries listed below

• orlikoski / Skadi

  View on GitHub
  Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
  ☆504Oct 21, 2022Updated 3 years ago
• orlikoski / CyLR

  View on GitHub
  CyLR - Live Response Collection Tool
  ☆708Jun 1, 2022Updated 3 years ago
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆346May 7, 2024Updated last year
• ForensicArtifacts / artifacts

  View on GitHub
  Digital Forensics artifact repository
  ☆1,201Feb 7, 2026Updated last week
• SekoiaLab / Fastir_Collector

  View on GitHub
  ☆519Jan 26, 2021Updated 5 years ago
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,010Updated this week
• davidpany / WMI_Forensics

  View on GitHub
  ☆308Aug 14, 2020Updated 5 years ago
• OMENScan / AChoir

  View on GitHub
  Windows Live Artifacts Acquisition Script
  ☆190Jun 20, 2022Updated 3 years ago
• MatthewClarkMay / fTriage

  View on GitHub
  Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.
  ☆21Mar 12, 2019Updated 6 years ago
• Invoke-IR / PowerForensics

  View on GitHub
  PowerForensics provides an all in one platform for live disk forensic analysis
  ☆1,428Nov 16, 2023Updated 2 years ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,639Nov 22, 2022Updated 3 years ago
• PUNCH-Cyber / stoq

  View on GitHub
  An open source framework for enterprise level automated analysis.
  ☆393Jun 27, 2022Updated 3 years ago
• biggiesmallsAG / nightHawkResponse

  View on GitHub
  Incident Response Forensic Framework
  ☆611Nov 20, 2019Updated 6 years ago
• CrowdStrike / automactc

  View on GitHub
  AutoMacTC: Automated Mac Forensic Triage Collector
  ☆558Mar 31, 2022Updated 3 years ago
• mkorman90 / VolatilityBot

  View on GitHub
  VolatilityBot – An automated memory analyzer for malware samples and memory dumps
  ☆270Jun 15, 2021Updated 4 years ago
• williballenthin / EVTXtract

  View on GitHub
  EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
  ☆208Mar 12, 2025Updated 11 months ago
• google / timesketch

  View on GitHub
  Collaborative forensic timeline analysis
  ☆3,265Updated this week
• giMini / NOAH

  View on GitHub
  PowerShell No Agent Hunting
  ☆111Apr 23, 2018Updated 7 years ago
• MarkBaggett / srum-dump

  View on GitHub
  A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
  ☆735Jun 5, 2025Updated 8 months ago
• log2timeline / dftimewolf

  View on GitHub
  A framework for orchestrating forensic collection, processing and data export
  ☆341Jan 28, 2026Updated 2 weeks ago
• google / turbinia

  View on GitHub
  Automation and Scaling of Digital Forensics Tools
  ☆782Jan 15, 2026Updated 3 weeks ago
• kacos2000 / Win10LiveInfo

  View on GitHub
  Windows 10 Live Information viewer
  ☆37Jan 27, 2022Updated 4 years ago
• gleeda / memtriage

  View on GitHub
  Allows you to quickly query a Windows machine for RAM artifacts
  ☆218Jul 17, 2020Updated 5 years ago
• CrowdStrike / Forensics

  View on GitHub
  Scripts and code referenced in CrowdStrike blog posts
  ☆336Nov 13, 2019Updated 6 years ago
• grayfold3d / POSH-Triage

  View on GitHub
  Tools for parsing Forensic images
  ☆41Dec 14, 2018Updated 7 years ago
• marcurdy / dfir-toolset

  View on GitHub
  Dump of organized knowledge on DFIR
  ☆138Oct 4, 2021Updated 4 years ago
• JamesHabben / sysmon-queries

  View on GitHub
  Queries to parse sysmon event log file with microsoft logparser
  ☆58Mar 31, 2015Updated 10 years ago
• forensicmatt / RustyReg

  View on GitHub
  Registry to JSON. This Project is for learning purposes and is not maintained.
  ☆12Dec 28, 2021Updated 4 years ago
• matthewdunwoody / block-parser

  View on GitHub
  Parser for Windows PowerShell script block logs
  ☆100Aug 4, 2024Updated last year
• diogo-fernan / ir-rescue

  View on GitHub
  A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  ☆487Feb 21, 2021Updated 4 years ago
• JPCERTCC / SysmonSearch

  View on GitHub
  Investigate suspicious activity by visualizing Sysmon's event log
  ☆431Dec 22, 2023Updated 2 years ago
• woanware / autorunner

  View on GitHub
  Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing
  ☆55May 18, 2019Updated 6 years ago
• THIBER-ORG / userline

  View on GitHub
  Query and report user logons relations from MS Windows Security Events
  ☆243Aug 9, 2018Updated 7 years ago
• JPCERTCC / aa-tools

  View on GitHub
  Artifact analysis tools by JPCERT/CC Analysis Center
  ☆464Aug 14, 2025Updated 6 months ago
• AJMartel / IRTriage

  View on GitHub
  Incident Response Triage - Windows Evidence Collection for Forensic Analysis
  ☆136Apr 21, 2016Updated 9 years ago
• msuhanov / yarp

  View on GitHub
  Yet another registry parser
  ☆138Apr 15, 2022Updated 3 years ago
• AndrewRathbun / DFIRArtifactMuseum

  View on GitHub
  The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…
  ☆645Nov 7, 2025Updated 3 months ago
• mkorman90 / regipy

  View on GitHub
  Regipy is an os independent python library for parsing offline registry hives
  ☆266Jan 22, 2026Updated 3 weeks ago
• EricZimmerman / KapeFiles

  View on GitHub
  This repository serves as a place for community created Targets and Modules for use with KAPE.
  ☆815Feb 4, 2026Updated last week