Alternatives and similar repositories for dfirws

Users that are interested in dfirws are comparing it to the libraries listed below

• YossiSassi / hAcKtive-Directory-Forensics
  ☆53Updated 2 months ago
• CyberDefend3r / PowerShell-Deobfuscation-Exercise
  An exercise to practice deobfuscating PowerShell Scripts.
  ☆26Updated 2 years ago
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆101Updated 3 months ago
• keydet89 / Events-Ripper
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆88Updated 10 months ago
• joeavanzato / LogBoost
  Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…
  ☆108Updated last year
• EZToolsManuals / EZToolsManuals
  A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
  ☆85Updated 4 months ago
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆56Updated 2 years ago
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆114Updated 3 years ago
• mttaggart / venture
  Venture: Cross-Platform GUI tool for parsing and analyzing Windows event logs
  ☆91Updated 10 months ago
• bobby-tablez / Enable-All-The-Logs
  This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malwar…
  ☆36Updated 8 months ago
• lxndrblz / forensicsim
  A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea…
  ☆112Updated 3 weeks ago
• kacos2000 / WinEDB
  Windows.EDB Browser
  ☆60Updated 2 years ago
• AndrewRathbun / DFIRPowerShellScripts
  Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
  ☆49Updated last year
• dfir-scripts / siftgrab
  ☆68Updated 2 weeks ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆113Updated 3 months ago
• knight0x07 / OneNoteAnalyzer
  A C# based tool for analysing malicious OneNote documents
  ☆118Updated 2 years ago
• invictus-ir / Blue-team-app-Office-365-and-Azure
  ☆75Updated last year
• reprise99 / 4688-sysmon
  ☆61Updated 2 years ago
• openrelik / openrelik-deploy
  Tools and scripts to deploy and manage OpenRelik instances
  ☆14Updated 6 months ago
• evild3ad / Get-MiniTimeline
  Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
  ☆33Updated last year
• secgroundzero / KQL_Reference_Manual
  ☆43Updated 4 years ago
• nasbench / Misc-Research
  A collection of tools, scripts and personal research
  ☆152Updated this week
• stuxnet999 / EventTranscriptParser
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆66Updated 2 years ago
• LivingInSyn / RMML
  A list of RMMs designed to be used in automation to build alerts
  ☆116Updated last month
• moaistory / WinSearchDBAnalyzer
  http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
  ☆126Updated last year
• DFIRKuiper / Hoarder
  ☆20Updated 3 years ago
• MHaggis / notes
  Full of public notes and Utilities
  ☆129Updated 10 months ago
• kacos2000 / WindowsTimeline
  Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
  ☆195Updated 2 years ago
• FrankMcGovern / Hidden-Vendor-Security-Advisories
  This repo contains a list of vendors that hide their security advisories, alerts, notices, vulnerabilities, and more behind either a payw…
  ☆32Updated last year
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆84Updated 2 months ago