Alternatives and similar repositories for dfirws

Users that are interested in dfirws are comparing it to the libraries listed below

• kacos2000 / WinEDB
  Windows.EDB Browser
  ☆57Updated 2 years ago
• YossiSassi / hAcKtive-Directory-Forensics
  ☆53Updated 3 weeks ago
• CyberDefend3r / PowerShell-Deobfuscation-Exercise
  An exercise to practice deobfuscating PowerShell Scripts.
  ☆26Updated 2 years ago
• bobby-tablez / Enable-All-The-Logs
  This script enhances endpoint logging telemetry for the purpose of advanced malware threat detection or for building detections or malwar…
  ☆33Updated 5 months ago
• csababarta / memory-baseliner
  Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…
  ☆54Updated 2 years ago
• gtworek / VolatileDataCollector
  ☆204Updated 10 months ago
• kacos2000 / Jumplist-Browser
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆37Updated last year
• EricZimmerman / RBCmd
  Recycle bin artifact parser
  ☆52Updated 7 months ago
• EZToolsManuals / EZToolsManuals
  A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub
  ☆80Updated last month
• Squiblydoo / certReport
  A tool to support the reporting of Authenticode Certificates by reducing the effort on individuals to report.
  ☆37Updated 2 weeks ago
• jischell-msft / RemoteManagementMonitoringTools
  Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
  ☆95Updated last month
• evild3ad / Get-MiniTimeline
  Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
  ☆33Updated last year
• NextronSystems / evtx-baseline
  A repository hosting example goodware evtx logs containing sample software installation and basic user interaction
  ☆80Updated 4 months ago
• keydet89 / Events-Ripper
  Project based on RegRipper, to extract add'l value/pivot points from TLN events file
  ☆88Updated 7 months ago
• EricZimmerman / Srum
  ☆48Updated 8 months ago
• moaistory / WinSearchDBAnalyzer
  http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html
  ☆125Updated last year
• mttaggart / venture
  Venture: Cross-Platform GUI tool for parsing and analyzing Windows event logs
  ☆91Updated 7 months ago
• knight0x07 / OneNoteAnalyzer
  A C# based tool for analysing malicious OneNote documents
  ☆116Updated 2 years ago
• AndrewRathbun / Anti-Forensics-VHDX
  A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…
  ☆28Updated 2 years ago
• LivingInSyn / RMML
  A list of RMMs designed to be used in automation to build alerts
  ☆112Updated 5 months ago
• alpine-sec / SPECTR3
  Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.
  ☆42Updated 10 months ago
• kacos2000 / Evtx_Log_Browser
  Evtx Log (xml) Browser
  ☆56Updated 2 years ago
• kacos2000 / Prefetch-Browser
  Browse Windows Prefetch versions: 17,23,26,30v1/2,31 & some of SuperFetch .7db/.db's
  ☆62Updated 9 months ago
• dfir-scripts / siftgrab
  ☆68Updated last month
• openrelik / openrelik-deploy
  Tools and scripts to deploy and manage OpenRelik instances
  ☆15Updated 3 months ago
• EricZimmerman / RECmd
  Command line access to the Registry
  ☆155Updated 2 weeks ago
• nmantani / PS-TrustedDocuments
  PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office
  ☆35Updated 2 years ago
• ashemery / WindowsDFIR
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆78Updated 4 years ago
• olafhartong / DefenderHarvester
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆110Updated last month
• secgroundzero / KQL_Reference_Manual
  ☆43Updated 4 years ago