CLI generator for Velociraptor offline collector
Updated Jun 18, 2024 - Python
Create a timeline of files in a folder.
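A minimal version of the file-timeline idea above, written here as an added example (not the listed project's own code): it walks a folder, emits one row per timestamp per file (modified, accessed, changed/created) sorted oldest first, and flags files whose modification time is far older than their change time, which is how an explicitly set mtime (timestomping, or a copy that preserved times) shows up. The function names, the one-day slack and the constructed sample tree built in a temporary directory are all assumptions of this example.

```python
import os
import tempfile
from datetime import datetime, timezone


def collect_timeline(root):
    """Return (utc_time, kind, size, path) rows for every file under root, oldest first.

    kind is "m" (modified), "a" (accessed) or "c" (metadata changed on POSIX,
    created on Windows). Symlinks are recorded as themselves, not followed.
    """
    rows = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: keep walking, never abort a collection
            for kind, ts in (("m", st.st_mtime), ("a", st.st_atime), ("c", st.st_ctime)):
                rows.append((datetime.fromtimestamp(ts, tz=timezone.utc), kind, st.st_size, path))
    rows.sort()
    return rows


def backdated_files(root, slack=86400):
    """Paths whose mtime predates ctime by more than slack seconds (assumed: one day).

    A normal write moves both stamps together; mtime far older than ctime means the
    modification time was set explicitly (os.utime, SetFileTime) or preserved by a copy.
    """
    out = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if st.st_ctime - st.st_mtime > slack:
                out.append(path)
    return sorted(out)


def demo():
    """Constructed sample tree: two files with mtimes pushed into the past."""
    with tempfile.TemporaryDirectory() as root:
        a = os.path.join(root, "a.txt")
        b = os.path.join(root, "sub", "b.txt")
        os.makedirs(os.path.dirname(b))
        for p in (a, b):
            with open(p, "wb") as fh:
                fh.write(b"x")
        os.utime(a, (1_700_000_000, 1_700_000_000))  # 2023-11-14 UTC
        os.utime(b, (1_600_000_000, 1_600_000_000))  # 2020-09-13 UTC
        m_events = [os.path.basename(p) for _t, k, _s, p in collect_timeline(root) if k == "m"]
        backdated = [os.path.basename(p) for p in backdated_files(root)]
        return m_events, backdated


if __name__ == "__main__":
    print(demo())  # (['b.txt', 'a.txt'], ['a.txt', 'b.txt'])
```

Sorting on the UTC datetime first keeps rows from different files interleaved in true order, and `os.lstat` plus the `except OSError` are what make the walk safe on a live or partially unreadable target.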
A GUI tool that makes steganography analysis easy by putting various steganography tools all in one place
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
A forensic tool that uses file metadata to eliminate false-positive system-artifact entries and make a decision.
AutoParser is a forensic tool for parsing offline registry hives.
A faster and better way to analyze EML files
Binalyze AIR and Carbon Black Cloud Integration
Graph Visualization for windows event logs
Fast lookup server for NSRL and other hash databases used in digital forensics
Confirm file type by matching the magic signature ("number").
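The magic-signature check described above, as an added example that is not the listed project's own code: a Python matcher against a small constructed table of publicly documented signatures (note the mp4 "ftyp" box sits at offset 4, not 0), plus the check an analyst actually wants, whether the detected type agrees with the file extension. The table subset, the expected-extension map and the function names are assumptions of this example.

```python
import os
from typing import Optional

# Constructed subset of well-known signatures: (offset, bytes, type).
# Longer/more specific entries first so "PK\x03\x04" is never shadowed.
MAGIC_SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Office, MSI
    (0, b"Rar!\x1a\x07", "rar"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (0, b"%PDF-", "pdf"),
    (0, b"PK\x03\x04", "zip"),   # also docx/xlsx/jar/apk containers
    (0, b"\x7fELF", "elf"),
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"MZ", "pe"),            # Windows EXE/DLL/SYS
    (4, b"ftyp", "mp4"),         # ISO media: 4-byte box size precedes the tag
]

# Assumed mapping of detected type to extensions that may legitimately carry it.
EXPECTED_EXTENSIONS = {
    "png": {".png"}, "jpeg": {".jpg", ".jpeg"}, "pdf": {".pdf"}, "gif": {".gif"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"},
    "pe": {".exe", ".dll", ".sys", ".scr"},
    "elf": {".elf", ".so", ".bin", ""},          # ELF binaries usually have no extension
    "ole2": {".doc", ".xls", ".ppt", ".msi"},
    "rar": {".rar"}, "gzip": {".gz", ".tgz"}, "mp4": {".mp4", ".m4a", ".mov"},
}

MAX_HEADER = max(off + len(sig) for off, sig, _ in MAGIC_SIGNATURES)


def identify(header: bytes) -> Optional[str]:
    """Return the type whose signature matches `header` at its offset, else None."""
    for offset, magic, kind in MAGIC_SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return kind
    return None


def identify_file(path: str) -> Optional[str]:
    """Read only the bytes needed for the longest signature, then match."""
    with open(path, "rb") as fh:
        return identify(fh.read(MAX_HEADER))


def extension_mismatch(filename: str, header: bytes) -> bool:
    """True when a known type is detected and the extension does not fit it.

    Unknown content (no signature hit) is not reported: absence of a match
    is not evidence, only a positive identification that disagrees is.
    """
    kind = identify(header)
    if kind is None:
        return False
    ext = os.path.splitext(filename)[1].lower()
    return ext not in EXPECTED_EXTENSIONS[kind]


if __name__ == "__main__":
    # Constructed headers: a PE disguised as a PDF, and a real docx (zip container).
    print(identify(b"MZ\x90\x00\x03"), extension_mismatch("invoice.pdf", b"MZ\x90\x00\x03"))
    print(identify(b"PK\x03\x04\x14\x00"), extension_mismatch("report.docx", b"PK\x03\x04\x14\x00"))
```

Two caveats worth keeping in mind: short signatures such as `MZ` and `\x1f\x8b` will occasionally match unrelated data, so treat a hit on them as a prompt for a deeper parse rather than proof, and a zip hit only tells you it is a container, not which Office or Java format is inside.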
Sabonis, a Digital Forensics and Incident Response pivoting tool
CrowdStrike API Client Library
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
ActiveMime File Format Documentation
This script is designed to pull data from the carbon black cloud. One disadvantage of the CBC GUI is the inability to see the command line for each process in bulk. Instead, you need to click on each process individually. This spits out the command line so you can quickly spot evil.