DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, and Plaso files with built-in process inspection, lateral movement tracking, and persistence detection.
☆136 · Mar 4, 2026 · Updated this week
Alternatives and similar repositories for irflow-timeline
Users interested in irflow-timeline are comparing it to the repositories listed below.
- Hunt for SQLite files used by various applications ☆30 · Jan 31, 2026 · Updated last month
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules. ☆16 · Oct 22, 2025 · Updated 4 months ago
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX. ☆16 · Aug 19, 2025 · Updated 6 months ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,… ☆35 · Oct 24, 2025 · Updated 4 months ago
- ☆21 · Nov 19, 2025 · Updated 3 months ago
- Interface LLMs from within MISP to extract TTPs and threat intel from CTI reports ☆18 · Nov 13, 2023 · Updated 2 years ago
- Deep Packet Inspection • Traffic Forensics • Network Threat Detection ☆44 · Feb 20, 2026 · Updated last week
- A Rust library for parsing and evaluating Sigma rules ☆19 · Nov 26, 2025 · Updated 3 months ago
- Yet Another Memory Analyzer for malware detection and Guarding Operations with YARA and SIGMA ☆81 · Nov 19, 2025 · Updated 3 months ago
- A dataset with CloudTrail events from an attack simulation using Stratus. ☆25 · Jul 12, 2023 · Updated 2 years ago
- ☆25 · Feb 13, 2021 · Updated 5 years ago
- macOS Artifacts ☆33 · Mar 2, 2025 · Updated last year
- This crate provides functions for working with IPv4 CIDRs and IPv6 CIDRs. ☆33 · Dec 26, 2025 · Updated 2 months ago
- Past presentation materials ☆10 · Jul 10, 2018 · Updated 7 years ago
- Microsoft-Defender-for-IoT ☆14 · May 26, 2025 · Updated 9 months ago
- Some YARA rules I will add from time to time ☆12 · May 31, 2019 · Updated 6 years ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use. ☆11 · Apr 22, 2024 · Updated last year
- ☆10 · Jul 1, 2023 · Updated 2 years ago
- Windows Event Log Auditor ☆91 · Updated this week
- Terminate AV/EDR processes by exploiting the vulnerable NsecSoft driver ☆33 · Sep 15, 2025 · Updated 5 months ago
- 🦉🔬 A small PowerShell tool for finding information quickly on malicious IPs or FQDNs. PowerShell threat hunting. ☆11 · Jan 9, 2020 · Updated 6 years ago
- ☆16 · Jul 21, 2018 · Updated 7 years ago
- Metasploit RPC controller application ☆11 · Aug 20, 2018 · Updated 7 years ago
- ☆13 · Mar 11, 2023 · Updated 2 years ago
- Notes and utilities for reverse engineering Agilent PCIe Protocol Analyzers and their host software. ☆14 · Oct 9, 2025 · Updated 4 months ago
- Collect AWS logs and query them instantly with SQL! Open source CLI. No DB required. ☆16 · Updated this week
- Python CLI covering the FileScan.IO API, enabling automatic interaction with www.filescan.io or private instances ☆16 · Jul 15, 2025 · Updated 7 months ago
- Automatically find and clip the most engaging parts of YouTube videos using heatmap-based viewer interaction data. ☆33 · Jan 9, 2026 · Updated last month
- A method for parsing Snort Barnyard2 logs from pfSense in Graylog ☆10 · May 26, 2020 · Updated 5 years ago
- ☆10 · Mar 31, 2021 · Updated 4 years ago
- Execute Shellcode And Other Goodies From MMC ☆14 · Jun 17, 2015 · Updated 10 years ago
- Collection of my Security Blueprints & Guides ☆52 · Oct 2, 2025 · Updated 5 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆57 · Feb 19, 2026 · Updated last week
- ☆13 · Feb 18, 2024 · Updated 2 years ago
- ☆11 · Jun 30, 2016 · Updated 9 years ago
- massively concurrent web scraping ☆24 · Apr 19, 2009 · Updated 16 years ago
- Summarize CTI reports with OpenAI ☆18 · Feb 23, 2026 · Updated last week
- Scripts from my book OS X Incident Response Scripting and Analysis -> https://www.amazon.com/dp/012804456X/ref=cm_sw_r_tw_dp_U_x_fQeLAb68… ☆50 · Sep 23, 2016 · Updated 9 years ago
- Public Chronicle Detection Rules ☆12 · Apr 25, 2023 · Updated 2 years ago