Statistics for topic dfir

RepositoryStats tracks 643,864 Github repositories, of these 189 are tagged with the dfir topic. The most common primary language for repositories using this topic is Python (66). Other languages include: PowerShell (27)

Stargazers over time for topic dfir

Most starred repositories for topic dfir (view more)

toniblyx
my-arsenal-of-aws-security-tools toniblyx
1.5k
9.2k
apache-2.0
396
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
iam dfir cloud auditing security aws-lambda cloudtrail aws-inventory security-tools incident-response aws-infrastructure
Created 2018-07-18
310 commits to master branch, last one 6 months ago
meirwah
awesome-incident-response meirwah
1.6k
8.1k
apache-2.0
465
A curated list of tools for incident response
dfir list awesome security awesome-list cybersecurity incident-response incident-response-tooling
Created 2015-11-10
521 commits to master branch, last one about a year ago
LOLBAS-Project
LOLBAS LOLBAS-Project
1.0k
7.5k
gpl-3.0
227
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
dfir lolbins redteam blueteam lolscripts purpleteam living-off-the-land
Created 2018-06-08
799 commits to master branch, last one 11 hours ago
zeek
zeek zeek
1.3k
6.8k
other
352
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
bro nsm dfir pcap zeek security network-monitoring
Created 2012-07-06
18,176 commits to master branch, last one a day ago
clong
DetectionLab clong
993
4.7k
mit
155
Automate the creation of a lab environment complete with security tooling and logging best practices
dfir packer sysmon ansible osquery vagrant detection terraform powershell vagrantfile detectionlab dfir-automation lab-environment information-security
Created 2017-03-25
1,222 commits to master branch, last one 2 years ago
cugu
awesome-forensics cugu
652
4.3k
cc0-1.0
176
⭐️ A curated list of awesome forensic analysis tools and resources
dfir free open-source digital-forensics forensic-analysis computer-forensics
Created 2016-03-29
199 commits to main branch, last one 5 days ago

Trending repositories for topic dfir (view more)

Last 3 days (new repositories)
no newly created repositories trending in the last 3 days
Last 3 days (absolute gain)
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,493 (+16)
gpl-3.0
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+12)
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

8,088 (+11)
apache-2.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,818 (+9)
clong
clong/DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices

4,737 (+4)
mit
Last 3 days (relative gain)
Yamato-Security
Yamato-Security/suzaku

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

75 (+6%)
agpl-3.0
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+3%)
mdawsonuk
mdawsonuk/LevelDBDumper

Dumps all of the Key/Value pairs from a LevelDB database

78 (+1%)
gpl-3.0
ziesemer
ziesemer/ad-privileged-audit

Provides various Windows Server Active Directory (AD) security-focused reports.

94 (+1%)
Lazza
Lazza/Fuji

MacOS forensic acquisition made simple

125 (+0.8%)
gpl-3.0
Last week (new repositories)
no newly created repositories trending in the last week
Last week (absolute gain)
Yamato-Security
Yamato-Security/suzaku

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

75 (+58)
agpl-3.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,493 (+28)
gpl-3.0
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

8,088 (+19)
apache-2.0
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+19)
Yamato-Security
Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

2,562 (+15)
agpl-3.0
Last week (relative gain)
Yamato-Security
Yamato-Security/suzaku

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

75 (+341%)
agpl-3.0
Lazza
Lazza/Fuji

MacOS forensic acquisition made simple

125 (+5%)
gpl-3.0
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+4%)
roadwy
roadwy/DefenderYara

Extracted Yara rules from Windows Defender mpavbase and mpasbase

406 (+3%)
Neo23x0
Neo23x0/Loki2

LOKI2 - Simple IOC and YARA Scanner

92 (+2%)
gpl-3.0
Last month (new repositories)
no newly created repositories trending in the last month
Last month (absolute gain)
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+112)
mikeroyal
mikeroyal/Digital-Forensics-Guide

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

1,868 (+89)
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,493 (+89)
gpl-3.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,818 (+77)
Yamato-Security
Yamato-Security/suzaku

Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.

75 (+73)
agpl-3.0
Last month (relative gain)
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473 (+31%)
Lazza
Lazza/Fuji

MacOS forensic acquisition made simple

125 (+29%)
gpl-3.0
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

366 (+11%)
mit
alexverboon
alexverboon/Hunting-Queries-Detection-Rules

KQL Queries. Microsoft Defender, Microsoft Sentinel

155 (+9%)
bsd-3-clause
mdawsonuk
mdawsonuk/LevelDBDumper

Dumps all of the Key/Value pairs from a LevelDB database

78 (+7%)
gpl-3.0
Last 12-months (new repositories)
mir1ce
mir1ce/Hawkeye

Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具

473
stanfrbd
stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

366
mit
LOLESXi-Project
LOLESXi-Project/LOLESXi

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...

123
gpl-3.0
mnrkbys
mnrkbys/fjta

FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (EXT4, XFS) journals (not systemd-journald), generates timelines, and detects suspicious activities.

63
apache-2.0
ChaitanyaHaritash
ChaitanyaHaritash/IllusiveFog

Windows Administrator level Implant.

49
mit
Last 12-months (absolute gain)
intelowlproject
intelowlproject/IntelOwl

IntelOwl: manage your Threat Intelligence at scale

4,108 (+997)
agpl-3.0
meirwah
meirwah/awesome-incident-response

A curated list of tools for incident response

8,088 (+964)
apache-2.0
LOLBAS-Project
LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

7,493 (+900)
gpl-3.0
zeek
zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

6,818 (+893)
mthcht
mthcht/awesome-lists

Awesome Security lists for SOC/CERT/CTI

943 (+740)
mit
Last 12-months (relative gain)
mf1d3l
mf1d3l/Splunk4DFIR

Harness the power of Splunk for your investigations

100 (+1,011%)
mit
joeavanzato
joeavanzato/RetrievIR

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

101 (+818%)
mit
Lazza
Lazza/Fuji

MacOS forensic acquisition made simple

125 (+793%)
gpl-3.0
LOLESXi-Project
LOLESXi-Project/LOLESXi

LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. This project gathers procedural examples from public reports of ...

123 (+624%)
gpl-3.0
mthcht
mthcht/awesome-lists

Awesome Security lists for SOC/CERT/CTI

943 (+365%)
mit