@kmahyyg@infosec.exchange - Heaven - 23:19 (UTC +08:00)
DFIR
Command line tracing tool for Windows, based on ETW.
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…
A command line tool for pstree-like output on macOS with additional pid capturing capabilities
Rapidly Search and Hunt through Windows Forensic Artefacts
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD…
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifa…
The FLARE team's open-source tool to identify capabilities in executable files.
A sort of a toolkit to decrypt Dropbox Windows DBX files
ZincSearch. A lightweight alternative to Elasticsearch that requires minimal resources, written in Go.
A lightning-fast search API that fits effortlessly into your apps, websites, and workflow
A forensics tool to help aid in the investigation of spoofed emails based on the email headers.
Parses RecentFileCacheParser.bcf files
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
OneDriveExplorer is a command line and GUI based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous file.
eBPF implementation that runs on top of Windows
Collection of Event ID resources useful for Digital Forensics and Incident Response
Investigate malicious Windows logon by visualizing and analyzing Windows event log