pinesol93 / MemoryForensicSamples
Links to various memory samples
☆28 · Updated 3 months ago
Alternatives and similar repositories for MemoryForensicSamples:
- (no description) ☆65 · Updated 2 years ago
- Jupyter Notebooks for the Blue Team ☆145 · Updated last week
- Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆68 · Updated last year
- Windows Forensics Environment Builder ☆131 · Updated 2 months ago
- Harness the power of Splunk for your investigations ☆95 · Updated this week
- (no description) ☆68 · Updated 3 months ago
- A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts ☆59 · Updated 4 months ago
- Some important DFIR Resources ☆83 · Updated 2 years ago
- The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportu… ☆207 · Updated last month
- A Jupyter notebook to assist with the analysis of the output generated from the Volatility memory extraction framework. ☆95 · Updated last year
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub ☆68 · Updated last year
- An easy-to-use PowerShell script to collect memory and disk forensics for DFIR investigations. ☆279 · Updated 7 months ago
- macOS Artifacts ☆28 · Updated last month
- Memory Baseliner is a script that can compare two Windows memory images or perform frequency of occurrence / data stacking analysis on mu… ☆52 · Updated last year
- Incident Response documents and tooling ☆69 · Updated last year
- A hex viewer for the sleuths! ☆17 · Updated last year
- A specification and style guide for YARA rules ☆47 · Updated last year
- Understanding and analyzing carrier files workshop repo ☆50 · Updated 5 years ago
- Rules shared by the community from 100 Days of YARA 2024 ☆85 · Updated 3 months ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. ☆108 · Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare … ☆155 · Updated 4 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file ☆84 · Updated last month
- Repository of public reference frameworks for the DFIR community. ☆115 · Updated last year
- A Python script developed to process Windows memory images based on triage type. ☆261 · Updated last year
- A curated list of KAPE-related resources ☆164 · Updated 2 weeks ago
- Detection Engineering with YARA ☆87 · Updated last year
- Xavier Framework is a user interface wrapper built on top of the Volatility(c) memory forensics framework. ☆45 · Updated 2 years ago
- Windows Malware Investigation Scripts & Docs ☆81 · Updated 4 months ago
- The Windows Malware Analysis Reversing Core Tools ☆93 · Updated 4 years ago
- The Threat Actor Profile Guide for CTI Analysts ☆106 · Updated last year