Various DFIR Tools
☆27 · Jul 23, 2018 · Updated 7 years ago
Alternatives and similar repositories for DFIR
Users that are interested in DFIR are comparing it to the libraries listed below.
- Tool to parse SRU database ☆25 · Mar 1, 2018 · Updated 8 years ago
- ircollect ☆31 · Aug 7, 2013 · Updated 12 years ago
- Carve NTFS USN records from binary data ☆27 · May 21, 2017 · Updated 8 years ago
- Discover USB device history for a specific user ☆23 · Dec 28, 2015 · Updated 10 years ago
- An NTFS journal parser ☆80 · Mar 3, 2016 · Updated 10 years ago
- Assorted classes and methods for indexing reports and retrieving information from an elastic index ☆21 · Jul 5, 2016 · Updated 9 years ago
- Visualization of interaction between entities ☆16 · Nov 28, 2016 · Updated 9 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files ☆122 · May 29, 2024 · Updated last year
- Fast incident overview ☆41 · Feb 11, 2017 · Updated 9 years ago
- An informational repo about hunting for adversaries in your IT environment. ☆14 · Apr 10, 2017 · Updated 8 years ago
- Carve Windows Prefetch files from arbitrary binary data ☆16 · Jun 11, 2017 · Updated 8 years ago
- Recover event log entries from an image by heuristically looking for record structures. ☆26 · Oct 9, 2015 · Updated 10 years ago
- A Windows Event Processing Utility ☆47 · Feb 21, 2018 · Updated 8 years ago
- A Powershell script for frequency analysis of separated values data files. ☆17 · Jan 22, 2014 · Updated 12 years ago
- Why hunt when you can seine? ☆21 · May 12, 2015 · Updated 10 years ago
- Python script to parse the NTFS USN Journal ☆117 · Jul 15, 2022 · Updated 3 years ago
- Javascript deobfuscation tool ☆17 · Apr 6, 2018 · Updated 7 years ago
- Some dfir stuff ☆31 · Jan 12, 2022 · Updated 4 years ago
- A GC link parser for both linkfiles and jumplists. ☆18 · Oct 28, 2016 · Updated 9 years ago
- ☆15 · Dec 18, 2013 · Updated 12 years ago
- OSSEC Decoder & Rulesets for Sysmon Events ☆15 · Jul 23, 2015 · Updated 10 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv… ☆343 · Jun 25, 2022 · Updated 3 years ago
- Parse Manifest.mbdb files from iTunes backup directories ☆20 · Jun 29, 2017 · Updated 8 years ago
- Wrapper for TSK (Sleuth Kit) Bindings ☆12 · Jan 10, 2023 · Updated 3 years ago
- Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists ☆35 · Jan 8, 2026 · Updated 2 months ago
- ☆18 · Apr 16, 2015 · Updated 10 years ago
- Server for receiving autorun data from the clients ☆13 · Sep 26, 2017 · Updated 8 years ago
- My Year of Python Repository ☆28 · Jun 13, 2020 · Updated 5 years ago
- A simple reflective dll example ☆19 · Jan 8, 2017 · Updated 9 years ago
- Decode security descriptors in $Secure on NTFS