Faster & Better Way to analyze the EML Files
Updated Apr 4, 2023 - Python
A Python/Boto3 script that stops a selected EC2 instance, detaches its EBS volume, creates a snapshot and a volume from that snapshot, then attaches and mounts both volumes on a forensic workstation
A GUI tool that makes steganography analysis easy by putting various steganography tools in one place
Confirm a file's type by matching its magic signature ("magic number") rather than trusting its extension.
Create a timeline of the files in a folder.
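The two entries above describe one routine triage step: walk a folder, type each file by its leading bytes, and order the results by timestamp so that a renamed executable or an out-of-place write stands out. The following is an added example written for this page, not code from either project; the signature table and the sample files it creates in a temporary folder are constructed for the demonstration.

```python
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Magic signatures as (format, offset, bytes). Constructed for this example;
# real identifiers (libmagic, TrID) carry hundreds of entries, some at non-zero offsets.
MAGIC = [
    ("png",  0, b"\x89PNG\r\n\x1a\n"),
    ("gif",  0, b"GIF87a"),
    ("gif",  0, b"GIF89a"),
    ("jpg",  0, b"\xff\xd8\xff"),
    ("pdf",  0, b"%PDF-"),
    ("zip",  0, b"PK\x03\x04"),   # also docx/xlsx/jar: OOXML and JAR are zip containers
    ("gzip", 0, b"\x1f\x8b"),
    ("elf",  0, b"\x7fELF"),
    ("exe",  0, b"MZ"),           # DOS/PE header
]

# Extensions that are aliases for a format in the table above.
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "jar": "zip",
           "gz": "gzip", "dll": "exe", "scr": "exe"}


def identify_by_magic(data: bytes) -> Optional[str]:
    """Return the format whose signature matches the header bytes, else None."""
    for name, offset, sig in MAGIC:
        if data[offset:offset + len(sig)] == sig:
            return name
    return None


def extension_matches(path: str, data: bytes) -> Tuple[Optional[str], str, bool]:
    """Compare the magic-derived type with the claimed extension.
    Returns (magic_type, normalised_extension, consistent)."""
    ext = Path(path).suffix.lower().lstrip(".")
    ext = ALIASES.get(ext, ext)
    kind = identify_by_magic(data)
    return kind, ext, kind is not None and kind == ext


def timeline(folder: str) -> List[Dict]:
    """Walk folder and return one row per file, oldest modification first."""
    rows = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            p = os.path.join(root, name)
            st = os.stat(p)
            with open(p, "rb") as fh:
                head = fh.read(16)      # enough for every signature in MAGIC
            kind, ext, ok = extension_matches(p, head)
            rows.append({"path": os.path.relpath(p, folder), "mtime": st.st_mtime,
                         "size": st.st_size, "magic": kind, "ext": ext, "ext_ok": ok})
    rows.sort(key=lambda r: r["mtime"])
    return rows


def demo() -> List[Dict]:
    """Build a constructed folder with staggered mtimes; one file is a PE header renamed to .png."""
    d = tempfile.mkdtemp(prefix="tl_")
    samples = [
        ("report.pdf", b"%PDF-1.7\n%constructed", 1_600_000_000),
        ("photo.jpg",  b"\xff\xd8\xff\xe0" + b"\x00" * 12, 1_600_000_100),
        ("photo2.png", b"MZ\x90\x00" + b"\x00" * 12, 1_600_000_200),
    ]
    for name, data, mtime in samples:
        p = os.path.join(d, name)
        with open(p, "wb") as fh:
            fh.write(data)
        os.utime(p, (mtime, mtime))
    return timeline(d)


if __name__ == "__main__":
    for row in demo():
        flag = "" if row["ext_ok"] else "  <-- extension/magic mismatch"
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(row["mtime"]))
        print(f"{stamp}  {str(row['magic']):5} {row['path']}{flag}")
```

The timeline keys on `st_mtime` only; on a real image you would also record `st_ctime` and, for NTFS, the `$FILE_NAME` timestamps, since attackers routinely backdate `mtime` but rarely all four.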
CrowdStrike API Client Library
Binalyze AIR and Carbon Black Cloud Integration
A forensic tool that uses file metadata to eliminate false-positive system-artifact entries and reach a verdict.
Splits a URL into its components, unescapes arguments, and performs light decoding for manual or automated analysis
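A URL decomposer of the kind described above, as an added example that is not the project's own code. It splits the authority, path and query with `urllib.parse`, percent-decodes each piece until it stops changing (so double-encoded payloads surface), and flags the patterns an analyst looks for first: a fake hostname before `@`, traversal in the decoded path, and base64 in a parameter. `SAMPLE_URL` is constructed for the demonstration and points at documentation-range addresses only.

```python
import base64
import binascii
import json
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import unquote, unquote_plus, urlsplit

# Constructed sample, not a real URL: "accounts.example.com" is userinfo, not the host;
# the path holds a double-encoded "..", one parameter is base64, one is a double-encoded injection.
SAMPLE_URL = (
    "https://accounts.example.com@198.51.100.23:8443/login/%252e%252e/admin"
    "?next=%2Fdashboard&token=dXNlcj1hZG1pbjtyb2xlPXJvb3Q&q=%2527+OR+1%253D1--"
)


def fully_unquote(s: str, plus: bool = False, limit: int = 5) -> Tuple[str, int]:
    """Percent-decode until stable. Returns (text, rounds that changed it);
    rounds >= 2 means the value was encoded more than once, a common filter bypass."""
    fn = unquote_plus if plus else unquote
    rounds = 0
    while rounds < limit:
        nxt = fn(s)
        if nxt == s:
            break
        s, rounds = nxt, rounds + 1
    return s, rounds


def maybe_base64(s: str, min_len: int = 12) -> Optional[str]:
    """Decoded text if s is valid base64 yielding printable ASCII, else None.
    min_len avoids false hits on short words that happen to be in the alphabet."""
    if len(s) < min_len:
        return None
    try:
        raw = base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if all(32 <= ord(c) < 127 for c in text) else None


def analyze_url(url: str) -> Dict[str, Any]:
    """Split url into labelled components with decoded values and analyst flags."""
    p = urlsplit(url)
    try:
        port = p.port
    except ValueError:            # non-numeric port: report None, netloc is kept raw below
        port = None
    path, path_rounds = fully_unquote(p.path)
    params: List[Dict[str, Any]] = []
    for item in (p.query.split("&") if p.query else []):
        name, _, raw = item.partition("=")
        value, rounds = fully_unquote(raw, plus=True)
        params.append({"name": fully_unquote(name, plus=True)[0], "raw": raw,
                       "decoded": value, "decode_rounds": rounds,
                       "base64": maybe_base64(value)})
    segments = [s for s in path.split("/") if s]

    flags: List[str] = []
    if p.username is not None:      # text before '@' is credentials, not the host
        flags.append("userinfo_in_authority")
    if path_rounds >= 2 or any(q["decode_rounds"] >= 2 for q in params):
        flags.append("double_encoding")
    if ".." in segments:
        flags.append("path_traversal")
    if any(q["base64"] for q in params):
        flags.append("base64_param")

    return {"scheme": p.scheme, "netloc": p.netloc, "userinfo": p.username,
            "host": p.hostname, "port": port, "path": path, "path_segments": segments,
            "params": params, "fragment": p.fragment, "flags": flags}


if __name__ == "__main__":
    print(json.dumps(analyze_url(SAMPLE_URL), indent=2))
```

The query is split by hand instead of with `parse_qsl` so the decode-round count stays honest; `parse_qsl` would silently perform the first round itself.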
Ingest and query NIST NSRL Reference Data Sets in Elasticsearch with Python tools and libraries.
This script pulls data from Carbon Black Cloud. One disadvantage of the CBC GUI is that it cannot show the command line for every process in bulk; you have to click on each process individually. This script dumps the command lines so you can quickly spot evil.
CLI generator for Velociraptor offline collector
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!
Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids
Sabonis, a Digital Forensics and Incident Response pivoting tool
AutoParser is a forensic tool for parsing offline registry hives.
A Python/Boto3 script that attaches and mounts a forensic volume to a selected instance, runs a memory dump onto it, unmounts and detaches it from that instance, and finally attaches and mounts it on a forensic workstation
Toolset to analyze disks encrypted with McAfee FDE technology
ActiveMime File Format Documentation