DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspection, lateral movement tracking, persistence detection, and VirusTotal enrichment.
☆240, Apr 30, 2026, updated this week
Alternatives and similar repositories for irflow-timeline
Users that are interested in irflow-timeline are comparing it to the repositories listed below.
- Carve file metadata from NTFS index ($I30) attributes (☆72, Feb 3, 2024, updated 2 years ago)
- Legacy Sigma Tools (sigmac etc.) (☆16, May 7, 2023, updated 2 years ago)
- Documentation and tools to curate Sigma rules for Windows event logs into easier-to-parse rules (☆16, Oct 22, 2025, updated 6 months ago)
- Sigma rules converted for direct use with Zircolite (☆14, updated this week)
- PyVelociraptor contains the Python bindings for the Velociraptor API (☆21, Apr 18, 2026, updated 2 weeks ago)
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR (☆706, Apr 21, 2026, updated last week)
- Hunt for SQLite files used by various applications (☆31, Mar 1, 2026, updated 2 months ago)
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients (☆77, Aug 20, 2025, updated 8 months ago)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆89, Mar 11, 2026, updated last month)
- An advanced parser for INDX records (☆30, Aug 7, 2019, updated 6 years ago)
- A Docker lab integrating Splunk SIEM with Ollama LLM via MCP for AI security operations. Features Promptfoo OWASP evaluation, TA-ollama a… (☆29, Mar 8, 2026, updated last month)
- A collection of scripts for use with CrowdStrike Falcon RTR (☆19, Oct 4, 2024, updated last year)
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX (☆16, Aug 19, 2025, updated 8 months ago)
- Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA (☆85, Nov 19, 2025, updated 5 months ago)
- ESXi Cyber Security Incident Response Script (☆27, Sep 4, 2024, updated last year)
- Invictus Threat Intelligence: IOCs and TTPs from blogs, research and more (☆30, Mar 31, 2026, updated last month)
- Takajō (鷹匠) is a Hayabusa results analyzer (☆157, updated this week)
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i.e. they get a Line #/ta… (☆33, Apr 26, 2026, updated last week)
- A Rust library for parsing and evaluating Sigma rules (☆21, Nov 26, 2025, updated 5 months ago)
- A parser for the MFT (Master File Table) format (☆158, Jan 3, 2026, updated 4 months ago)
- Browse Windows Prefetch versions 17, 23, 26, 30v1/2, 31 and some SuperFetch .7db/.db files (☆65, Dec 18, 2024, updated last year)
- ETW forensic tool for Volatility3 plugin (☆17, Nov 15, 2024, updated last year)
- Repo to hold MCP server for Velociraptor (☆37, Apr 15, 2026, updated 2 weeks ago)
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor (☆20, Nov 28, 2023, updated 2 years ago)
- An experimental Velociraptor implementation using cloud infrastructure (☆26, Dec 2, 2025, updated 5 months ago)
- The backend server handling API requests and task management (☆62, Apr 17, 2026, updated 2 weeks ago)
- Hunt the Windows Registry automatically using VQL (☆16, updated this week)
- Sigma detection rules for hunting with the threathunting-keywords project (☆60, Mar 2, 2025, updated last year)
- Interface LLMs from within MISP to extract TTPs and threat intel from CTI reports (☆18, Nov 13, 2023, updated 2 years ago)
- Primarily aimed at replicating files that cannot be directly copied due to being in use (☆11, Apr 22, 2024, updated 2 years ago)
- The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifa… (☆650, Nov 7, 2025, updated 5 months ago)
- $MFT directory tree reconstruction & FILE record info (☆329, Oct 7, 2024, updated last year)
- Parses amcache.hve files, but with a twist! (☆153, updated this week)
- NTFS Security Descriptor Stream ($Secure:$SDS) parser (☆14, Jan 9, 2023, updated 3 years ago)
- Deep Packet Inspection • Traffic Forensics • Network Threat Detection (☆53, Feb 20, 2026, updated 2 months ago)
- Python client for DFIR-IRIS (☆26, Aug 19, 2024, updated last year)
- An open-source computer forensics tool that can display a summary as the result of Windows Event Log analysis based on the chosen function(… (☆11, Feb 2, 2023, updated 3 years ago)
- 🦉🔬 A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. (☆11, Jan 9, 2020, updated 6 years ago)