Various DFIR Tools (☆27, Jul 23, 2018, updated 7 years ago)
Alternatives and similar repositories for DFIR
Users that are interested in DFIR are comparing it to the libraries listed below
- Tool to parse SRU database (☆25, Mar 1, 2018, updated 8 years ago)
- ircollect (☆31, Aug 7, 2013, updated 12 years ago)
- Carve NTFS USN records from binary data (☆27, May 21, 2017, updated 8 years ago)
- An NTFS journal parser (☆80, Mar 3, 2016, updated 10 years ago)
- Fast incident overview (☆41, Feb 11, 2017, updated 9 years ago)
- Parse Windows Prefetch files: supports XP through Windows 10 Prefetch files (☆122, May 29, 2024, updated last year)
- Assorted classes and methods for indexing reports and retrieving information from an Elastic index (☆21, Jul 5, 2016, updated 9 years ago)
- A Windows Event Processing Utility (☆47, Feb 21, 2018, updated 8 years ago)
- An informational repo about hunting for adversaries in your IT environment (☆14, Apr 10, 2017, updated 8 years ago)
- Why hunt when you can seine? (☆21, May 12, 2015, updated 10 years ago)
- Integration between MISP platform and McAfee MVISION EDR (☆14, Mar 14, 2022, updated 3 years ago)
- A GC link parser for both linkfiles and jumplists (☆18, Oct 28, 2016, updated 9 years ago)
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv… (☆343, Jun 25, 2022, updated 3 years ago)
- Javascript deobfuscation tool (☆17, Apr 6, 2018, updated 7 years ago)
- Visualization of interaction between entities (☆16, Nov 28, 2016, updated 9 years ago)
- (no description) (☆18, May 16, 2013, updated 12 years ago)
- Carve Windows Prefetch files from arbitrary binary data (☆16, Jun 11, 2017, updated 8 years ago)
- Python script to parse the NTFS USN Journal (☆116, Jul 15, 2022, updated 3 years ago)
- OSSEC Decoder & Rulesets for Sysmon Events (☆15, Jul 23, 2015, updated 10 years ago)
- IR-Tools - PowerShell tools for IR (☆130, Jul 10, 2017, updated 8 years ago)
- Recover event log entries from an image by heuristically looking for record structures (☆26, Oct 9, 2015, updated 10 years ago)
- A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab (☆22, Apr 16, 2021, updated 4 years ago)
- (no description) (☆18, Apr 16, 2015, updated 10 years ago)
- DES Rainbow Table Online Phase (☆25, Aug 2, 2017, updated 8 years ago)
- A simple reflective DLL example (☆19, Jan 8, 2017, updated 9 years ago)
- VolDiff: Malware Memory Footprint Analysis based on Volatility (☆197, Sep 12, 2017, updated 8 years ago)
- Decode security descriptors in $Secure on NTFS (☆22, Feb 24, 2022, updated 4 years ago)
- Queries to parse Sysmon event log files with Microsoft Log Parser (☆58, Mar 31, 2015, updated 10 years ago)
- Repository for LNK stuff (☆31, Aug 31, 2022, updated 3 years ago)
- An NTFS/FAT parser for digital forensics & incident response (☆220, Oct 31, 2025, updated 4 months ago)
- Mindmap created for tools that can be used during analysis/investigation (☆28, Jan 4, 2017, updated 9 years ago)
- Identify botnet panels with Ensembled Decision Trees (☆18, Aug 3, 2016, updated 9 years ago)
- onigiri - remote malware triage script (☆24, Nov 5, 2015, updated 10 years ago)
- threadmap plugin for Volatility Foundation (☆27, Aug 23, 2021, updated 4 years ago)
- Bunch of techniques potentially used by malware to detect analysis environments (☆160, Jul 4, 2016, updated 9 years ago)
- Collection of SQL query templates for digital forensics use, by platform and application (☆112, Apr 17, 2021, updated 4 years ago)
- OverTheWire Wargames write-ups (☆25, Jun 13, 2017, updated 8 years ago)
- Crack your macros like the math pros (☆33, Feb 14, 2017, updated 9 years ago)
- (Unofficial) Python API for https://malwr.com/ (☆62, Oct 13, 2016, updated 9 years ago)