
Starred repositories
A tool for fetching DFIR and other GitHub tools.
Collection of SQL, Python, and XML scripts to be used in forensic examinations
A public repository of MITRE ATT&CK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.
PowerShell-based tool for gathering information related to O365 intrusions and potential breaches
TRACE is a digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
ELEGANTBOUNCER is a detection tool for file-based mobile exploits.
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Remote access and Antivirus Logging Database
RedEye is a visual analytic tool supporting Red & Blue Team operations
A curated list of GPT agents for cybersecurity
Parses USB connection artifacts from offline Registry hives
Masto is an OSINT tool written in Python to gather intelligence on Mastodon users and instances.
CLI tools for forensic investigation of Windows artifacts
Advanced Python Mastery (course by @dabeaz)
Several Python scripts for "dump and go" type mobile forensic reports.
Various PowerShell scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
A command line interface for Amazon EBS snapshots
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
Malware samples, analysis exercises and other interesting resources.
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR