@hashicorp and @srcmtd
- United States
- sourcesmethods.com
- @mattreduce.com
- @mattreduce@mastodon.social
🔬 dfir
Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.
A tool to help forensicate offline Docker acquisitions
A framework for orchestrating forensic collection, processing and data export
Python library to carry out DFIR analysis in the cloud
Automation and Scaling of Digital Forensics Tools
The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
A happy place for detection engineers, purple teamers and threat hunters focusing on macOS.
A Self-Contained Open-Source Cyberattack Experimentation Testbed
🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Make a cascading timeline from markdown-like text. Supports simple American/European date styles, ISO8601, images, links, locations, and more.
Elastic Security detection content for Endpoint
Linux Baseline and Forensic Triage Tool - BETA
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (pa…
Set of mindmaps providing a detailed overview of the different #Microsoft auditing capabilities for Windows, Exchange, Azure,...
An open standard for hashing network flows into identifiers, a.k.a "Community IDs".
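The Community ID entry above describes a standard whose whole point is that both directions of a flow hash to the same identifier, so sensors that log the same connection independently (Zeek, Suricata, a NetFlow collector) can be joined on one key. The block below is an added example written for this page, not code from the Community ID project or its reference implementation: it implements the published v1 algorithm (16-bit big-endian seed, endpoints ordered so the lower address/port pair comes first, protocol byte, zero pad, ports, SHA-1, base64, "1:" prefix), maps ICMP type/code onto the port slots the way the spec does, and applies it to a few constructed flow records. The ICMP type pairings are the ones I am confident the reference implementation uses and are not guaranteed to be the full table; the known-answer value for the TCP tuple is the example published in the spec's README.

```python
"""Community ID v1 flow hashing: added example, not the spec project's own code."""
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers the v1 spec treats as port-bearing (ICMP uses type/code).
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "ipv6-icmp": 58, "sctp": 132}

# ICMP request/response type pairs. A paired type is treated as bidirectional;
# an unpaired type is "one-way" and its tuple is never flipped. Assumed to match
# the reference implementation; ICMPv6 entries are a subset I am sure of.
ICMP4_MAP = {0: 8, 8: 0, 13: 14, 14: 13, 15: 16, 16: 15, 17: 18, 18: 17, 9: 10, 10: 9}
ICMP6_MAP = {128: 129, 129: 128, 133: 134, 134: 133, 135: 136, 136: 135}


def _icmp_ports(mtype, mcode, is_v6):
    """Return (sport, dport, one_way) for an ICMP message of the given type/code."""
    mapping = ICMP6_MAP if is_v6 else ICMP4_MAP
    if mtype in mapping:
        return mtype, mapping[mtype], False   # counterpart type fills the dport slot
    return mtype, mcode, True                 # no counterpart: keep direction as seen


def community_id(saddr, sport, daddr, dport, proto, seed=0):
    """Compute the v1 Community ID for one packet or flow record.

    For ICMP, pass the message type as sport and the code as dport.
    """
    sip, dip = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    if sip.version != dip.version:
        raise ValueError("address family mismatch")
    pnum = PROTO[proto.lower()] if isinstance(proto, str) else int(proto)
    if pnum not in PROTO.values():
        raise ValueError("unsupported protocol %r" % (proto,))
    one_way = False
    if pnum in (1, 58):
        sport, dport, one_way = _icmp_ports(sport, dport, sip.version == 6)
    sb, db = sip.packed, dip.packed
    # Canonical ordering: lower address first, then lower port when addresses tie.
    ordered = sb < db or (sb == db and sport < dport)
    if not (one_way or ordered):
        sb, db, sport, dport = db, sb, dport, sport
    data = struct.pack("!H", seed) + sb + db + struct.pack("!BBHH", pnum, 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


# Constructed sample flow records (orig_h, orig_p, resp_h, resp_p, proto), including
# the reverse direction of each flow as a second sensor might have logged it.
SAMPLE_FLOWS = [
    ("128.232.110.120", 34855, "66.35.250.204", 80, "tcp"),
    ("66.35.250.204", 80, "128.232.110.120", 34855, "tcp"),
    ("192.168.0.89", 8, "192.168.0.1", 0, "icmp"),   # echo request: type 8, code 0
    ("192.168.0.1", 0, "192.168.0.89", 0, "icmp"),   # echo reply:   type 0, code 0
    ("2001:db8::10", 53, "2001:db8::1", 41000, "udp"),
    ("2001:db8::1", 41000, "2001:db8::10", 53, "udp"),
]


def group_by_community_id(flows, seed=0):
    """Bucket flow records by Community ID; both directions of a flow share a bucket."""
    buckets = {}
    for flow in flows:
        buckets.setdefault(community_id(*flow, seed=seed), []).append(flow)
    return buckets


if __name__ == "__main__":
    for cid, members in group_by_community_id(SAMPLE_FLOWS).items():
        print(cid, members)
```

Two practical caveats follow from the algorithm: every sensor that is expected to produce joinable IDs must share the same seed (the default is 0, and a non-zero seed yields an entirely different ID for the same flow), and the ID identifies a 5-tuple, not a connection instance, so a port reused across time collapses several connections into one key unless you also bucket by time.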
DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, fi…
A standard for reducing log volume without sacrificing analytical capability