Alternatives and similar repositories for DFIR-Tools

Users that are interested in DFIR-Tools are comparing it to the libraries listed below

• Johnng007 / Anteater

  View on GitHub
  Anteater is Reconnaissance tool for discovering interesting files and folders in a web application that most likely has been misconfigure…
  ☆13Jun 12, 2024Updated last year
• SneakyNachos / MalwareAnalysisTraining

  View on GitHub
  Work in Progress repo
  ☆15Apr 18, 2019Updated 6 years ago
• EbryxLabs / __DFIR-scripts

  View on GitHub
  Quick & Dirty DFIR scripts developed by Ebryx DFIR team to keep handy during field assignment
  ☆14Jan 7, 2026Updated last month
• dwmetz / PSHero

  View on GitHub
  PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
  ☆36Jul 11, 2023Updated 2 years ago
• frizb / Powershell-Cheatsheet

  View on GitHub
  Hand list of Powershell commands frequently used during penetration tests
  ☆15Oct 14, 2018Updated 7 years ago
• kacos2000 / Jumplist-Browser

  View on GitHub
  Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
  ☆42Updated this week
• atthacks / Privescker

  View on GitHub
  Privescker - make life easier by dumping all your common Windows enum, privesc and post exploitation scripts and tools on to the box in o…
  ☆45Apr 4, 2022Updated 3 years ago
• cyberbutler / bash-logging-elk

  View on GitHub
  ☆19Aug 2, 2020Updated 5 years ago
• markmckinnon / Autopsy-NBM-Plugins

  View on GitHub
  Autopsy NBM Plugins
  ☆18Jul 9, 2023Updated 2 years ago
• HuskyHacks / blue-jupyter

  View on GitHub
  Jupyter Notebooks for the Blue Team
  ☆39Jan 16, 2025Updated last year
• TonyPhipps / Powershell

  View on GitHub
  Tony's collection of powershell scripts, typically geared toward cybersec
  ☆35Jan 16, 2026Updated 3 weeks ago
• muhammedmbassem / OSCP-Scripts

  View on GitHub
  OSCP Scripts
  ☆14Jan 21, 2016Updated 10 years ago
• wetw0rk / SLAE

  View on GitHub
  The following repository contains the SecurityTube Linux Assembly Expert assignments, and exam
  ☆18Nov 27, 2017Updated 8 years ago
• cyentific-rni / SAG

  View on GitHub
  An elevated STIX representation of the MITRE ATT&CK Groups knowledge base
  ☆23May 23, 2022Updated 3 years ago
• Velocidex / cloudvelo

  View on GitHub
  An experimental Velociraptor implementation using cloud infrastructure
  ☆26Dec 2, 2025Updated 2 months ago
• Symantec / threathunters

  View on GitHub
  ☆29Jan 9, 2025Updated last year
• MahatmaCrond / enumeration-script

  View on GitHub
  Scanner that runs enumeration scripts while you do other things, made for the OSCP exam
  ☆26May 1, 2020Updated 5 years ago
• visma-prodsec / columbo

  View on GitHub
  Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets.
  ☆60Nov 18, 2021Updated 4 years ago
• tahmed11 / DeepScan

  View on GitHub
  A simple shell script which utilizes nmap, nikto, dirb, enum4linux and other open source goodies to automate enumeration process.
  ☆19Jan 13, 2022Updated 4 years ago
• cyberheartmi9 / awesome-web-security

  View on GitHub
  ☆25Oct 14, 2017Updated 8 years ago
• 3gbCyber / IR-Last-Write-Time

  View on GitHub
  Simple Script to Help You Find All Files Has Been Modified, Accessed, and Created In A Range Time.
  ☆27Dec 1, 2022Updated 3 years ago
• Hestat / calamity

  View on GitHub
  A script to assist in processing forensic RAM captures for malware triage
  ☆26Feb 4, 2021Updated 5 years ago
• travisfoley / dfirtriage

  View on GitHub
  Digital forensic acquisition tool for Windows based incident response.
  ☆346May 7, 2024Updated last year
• open-source-dfir / slack

  View on GitHub
  Information about the open-source-dfir slack community
  ☆30Jun 17, 2023Updated 2 years ago
• cudeso / CSIRT-Jump-Bag

  View on GitHub
  CSIRT Jump Bag
  ☆27Apr 25, 2024Updated last year
• tsondt / oscp

  View on GitHub
  My notebook for OSCP Lab
  ☆26Aug 6, 2017Updated 8 years ago
• haktanemik / windows-priv

  View on GitHub
  Windows Privilege Escalation
  ☆30Aug 14, 2020Updated 5 years ago
• stuxnet999 / EventTranscriptParser

  View on GitHub
  Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
  ☆68Sep 13, 2023Updated 2 years ago
• muteb / Hoarder

  View on GitHub
  This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole …
  ☆209Oct 19, 2020Updated 5 years ago
• cudeso / dfir-iris-misp-timesketch

  View on GitHub
  Scripts to integrate DFIR-IRIS, MISP and TimeSketch
  ☆34Feb 2, 2022Updated 4 years ago
• keydet89 / Tools

  View on GitHub
  Tools from WFA 4/e, timeline tools, etc.
  ☆145Feb 29, 2024Updated last year
• akky2892 / Sigma-to

  View on GitHub
  Sigma is Generic Signature Format for SIEM Systems written by Florian Roth @Neo23x0 and Thomas Patzke. This repository is providing sprea…
  ☆32Oct 16, 2019Updated 6 years ago
• evild3ad / Get-MiniTimeline

  View on GitHub
  Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
  ☆32May 25, 2024Updated last year
• willc / OSCP-stuff

  View on GitHub
  Where I'll be posting my scripts, guides, cheatsheets, and notes for for my OSCP journey.
  ☆34Nov 6, 2017Updated 8 years ago
• ashemery / WindowsDFIR

  View on GitHub
  Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…
  ☆77Jul 13, 2021Updated 4 years ago
• Xumeiquer / yara-forensics

  View on GitHub
  Set of Yara rules for finding files using magics headers
  ☆142Sep 8, 2020Updated 5 years ago
• ignacioj / mftf

  View on GitHub
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆38Jul 18, 2024Updated last year
• xophidia / DFIR_Linux_Collector

  View on GitHub
  The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…
  ☆32Mar 9, 2022Updated 3 years ago
• secman-pl / oscp

  View on GitHub
  ☆26Sep 2, 2016Updated 9 years ago