dfir-automation

Automate the creation of a lab environment complete with security tooling and logging best practices

翻译 - Vagrant＆Packer脚本可构建带有安全工具和记录最佳实践的完整实验室环境

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Graph Visualization for windows event logs

#Awesome#A curated list of tools for incident response. With repository stars⭐ and forks🍴

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Fast lookup server for NSRL and other hash database used in digital forensic

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and...

Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

ActiveMime File Format Documentation

Toolset to analyze disks encrypted with McAFee FDE technology

Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.

Sabonis, a Digital Forensics and Incident Response pivoting tool

Kali in a Box - Containerized and fully operational within your Browser

A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Foren...

Factual rules are YARA rules to find legitimate software on raw disk acquisition.