Alternatives and similar repositories for dfirws

Users that are interested in dfirws are comparing it to the libraries listed below

• YossiSassi / hAcKtive-Directory-Forensics
  ☆53Updated last month
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆80Updated this week
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆55Updated 2 years ago
• keydet89 / Events-Ripper
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆88Updated 8 months ago
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆97Updated last month
• CyberDefend3r / PowerShell-Deobfuscation-Exercise
  An exercise to practice deobfuscating PowerShell Scripts.
  ☆26Updated 2 years ago
• bobby-tablez / Enable-All-The-Logs
  This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malwar…
  ☆33Updated 6 months ago
• knight0x07 / OneNoteAnalyzer
  A C# based tool for analysing malicious OneNote documents
  ☆116Updated 2 years ago
• moaistory / WinSearchDBAnalyzer
  http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
  ☆124Updated last year
• kacos2000 / WinEDB
  Windows.EDB Browser
  ☆58Updated 2 years ago
• lxndrblz / forensicsim
  A forensic open-source parser module for Autopsy that allows extracting the messages, comments, posts, contacts, calendar entries and rea…
  ☆103Updated this week
• DFIRKuiper / Hoarder
  ☆19Updated 3 years ago
• evild3ad / Get-MiniTimeline
  Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
  ☆33Updated last year
• kacos2000 / Evtx_Log_Browser
  Evtx Log (xml) Browser
  ☆55Updated 2 years ago
• EZToolsManuals / EZToolsManuals
  A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
  ☆82Updated 2 months ago
• LivingInSyn / RMML
  A list of RMMs designed to be used in automation to build alerts
  ☆113Updated 6 months ago
• yarox24 / EvtxHussar
  Initial triage of Windows Event logs
  ☆102Updated last year
• joeavanzato / LogBoost
  Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…
  ☆108Updated last year
• AndrewRathbun / DFIRPowerShellScripts
  Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
  ☆47Updated last year
• openrelik / openrelik-deploy
  Tools and scripts to deploy and manage OpenRelik instances
  ☆15Updated 4 months ago
• kacos2000 / Jumplist-Browser
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆37Updated last year
• jklepsercyber / defender-detectionhistory-parser
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆113Updated 3 years ago
• MHaggis / SDDLMaker
  The home of the SDDLMaker
  ☆24Updated 8 months ago
• kev365 / OSDFIR-Lab
  ☆23Updated last month
• AndrewRathbun / Anti-Forensics-VHDX
  A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…
  ☆28Updated 2 years ago
• joeavanzato / velociraptor-timeline-creator
  VTC - Velociraptor Timeline Creator
  ☆18Updated last year
• mnrkbys / fjta
  FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…
  ☆89Updated last week
• MHaggis / notes
  Full of public notes and Utilities
  ☆127Updated 8 months ago
• gtworek / VolatileDataCollector
  ☆202Updated 11 months ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆109Updated last month