Trending repositories for topic dfir
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A curated list of awesome forensic analysis tools and resources
A curated list of tools for incident response
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
Educational, CTF-styled labs for individuals interested in Memory Forensics
Rapidly Search and Hunt through Windows Forensic Artefacts
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
Automate the creation of a lab environment complete with security tooling and logging best practices
You didn't think I'd go and leave the blue team out, right?
Zeek is a powerful network analysis framework that is quite different from the typical IDS you may know.
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Awesome list of keywords and artifacts for Threat Hunting sessions
Helm charts for running open source digital forensic tools in Kubernetes
Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Graphical interface for the forensic logical acquisition of Mac computers
KQL Queries. Microsoft Defender, Microsoft Sentinel
(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Sigma detection rules for hunting with the threathunting-keywords project
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts
Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicator matches.
yara detection rules for hunting with the threathunting-keywords project
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Lua plugin to extract data from Wireshark and convert it into MISP format
A script to convert a Cellebrite UFDR to the original file structure.