Ultimate-Forensics-VM: Evolving directions on building the best Open Source Forensics VM
☆161 · Jul 5, 2018 · updated 7 years ago
Alternatives and similar repositories for Ultimate-Forensics-VM
Users that are interested in Ultimate-Forensics-VM are comparing it to the libraries listed below
- Integrating Sysinternals Autoruns' logs into Security Onion · ☆31 · Feb 20, 2024 · updated 2 years ago
- Configuration files for the SOF-ELK VM · ☆1,720 · Jan 21, 2026 · updated last month
- Automating forensic data extraction, reduction, and overall triage of cold disk and memory images · ☆21 · Mar 12, 2019 · updated 6 years ago
- ☆50 · Aug 30, 2020 · updated 5 years ago
- Collect, process, and hunt with host-based data from macOS, Windows, and Linux · ☆505 · Oct 21, 2022 · updated 3 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy-to-use forensic artifact parsing tool that works on disk images, mounted driv… · ☆343 · Jun 25, 2022 · updated 3 years ago
- Incident response scripts · ☆18 · Mar 4, 2019 · updated 7 years ago
- Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management · ☆3,106 · Apr 16, 2021 · updated 4 years ago
- ELK configuration files for forensic analysts and incident handlers (unmaintained) · ☆179 · Jul 10, 2019 · updated 6 years ago
- Scripts and code referenced in CrowdStrike blog posts · ☆339 · Nov 13, 2019 · updated 6 years ago
- Some IR notes · ☆73 · Jul 23, 2016 · updated 9 years ago
- Wireless Forensics Framework in Python · ☆19 · Jan 29, 2017 · updated 9 years ago
- ☆142 · May 24, 2024 · updated last year
- Windows Live Artifacts Acquisition Script · ☆190 · Jun 20, 2022 · updated 3 years ago
- CyLR - Live Response Collection Tool · ☆711 · Jun 1, 2022 · updated 3 years ago
- Sources, configuration, and how to detect evil things utilizing Microsoft Sysmon · ☆937 · Dec 12, 2023 · updated 2 years ago
- Blue team operational triage registry hunting/forensic tool · ☆149 · Sep 2, 2025 · updated 6 months ago
- Jupyter demo repository for PancakesCon2020 · ☆16 · Mar 23, 2020 · updated 5 years ago
- Tools from WFA 4/e, timeline tools, etc. · ☆145 · Feb 29, 2024 · updated 2 years ago
- Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI · ☆201 · Dec 11, 2017 · updated 8 years ago
- Python web app for previewing data in a Chrome profile folder · ☆23 · Jul 1, 2024 · updated last year
- Proof-of-concept scripts for various issues · ☆14 · Jan 23, 2017 · updated 9 years ago
- A repository for using Windows Event Forwarding for incident detection and response · ☆1,299 · Sep 8, 2025 · updated 5 months ago
- ☆453 · Nov 21, 2024 · updated last year
- 1-click push of forensic evidence to the cloud · ☆144 · Sep 23, 2025 · updated 5 months ago
- This repo is for WMIOps, a PowerShell script which uses WMI for various purposes across a network · ☆388 · Jun 25, 2024 · updated last year
- Publicly shareable Windows event log message data · ☆28 · Nov 29, 2019 · updated 6 years ago
- Security Onion Elastic Stack · ☆46 · Feb 1, 2021 · updated 5 years ago
- ☆309 · Aug 14, 2020 · updated 5 years ago
- Git for me to put all my forensics stuff · ☆23 · Sep 2, 2025 · updated 6 months ago
- Investigate suspicious activity by visualizing Sysmon's event log · ☆431 · Dec 22, 2023 · updated 2 years ago
- A forensics tool to convert the data in the Windows SRUM (System Resource Usage Monitor) database to an xlsx spreadsheet · ☆735 · Jun 5, 2025 · updated 9 months ago
- Invoke-LiveResponse · ☆150 · Feb 22, 2022 · updated 4 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints · ☆480 · Nov 15, 2024 · updated last year
- Collecting and hunting for IOCs with gusto and style · ☆117 · Aug 9, 2018 · updated 7 years ago
- Incident Response Forensic Framework · ☆612 · Nov 20, 2019 · updated 6 years ago
- Understanding the ATT&CK Matrix for Enterprise · ☆79 · May 16, 2018 · updated 7 years ago
- How can you track the hunting techniques you come up with? · ☆13 · Sep 3, 2017 · updated 8 years ago
- Queries for the parsed Spotlight database in SQLite · ☆13 · Dec 29, 2020 · updated 5 years ago