dfir
Here are 23 public repositories matching this topic...
An updated fork of @thereisnotime's xxUSBSentinel, a Windows anti-forensics USB monitoring tool. (C#, updated Nov 14, 2023)
C# library and research notes for Windows 11 Notepad state files. (C#, updated May 8, 2024)
An updated fork of @3lp4tr0n's BeaconHunter: detect and respond to Cobalt Strike beacons using ETW. (C#, updated Nov 15, 2023)
Reverse engineering the windowstate files for Windows Notepad. (C#, updated May 1, 2024)
An updated fork of @GhostPack's Seatbelt project. Seatbelt is a C# project that performs a number of security-oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. (C#, updated Nov 20, 2023)
An updated fork of @bacanoicua's RAMDumpExplorer project. This is a program designed to analyze a dump of RAM memory to search for potentially malicious files. The program scans the dump file for specific patterns and uses regular expressions to identify and extract the matched values. (C#, updated May 16, 2024)
An updated fork of DateDecoder, originally by @jacobsoo. (C#, updated Jul 16, 2023)
Reverse engineering the tabstate files for Windows Notepad. (C#, updated May 1, 2024)
This repository serves as a place for community-created SQLECmd Maps for use with SQLECmd. (C#, updated Jul 16, 2023)
Digital forensic tool developed for my DFS 580 Capstone course at Champlain College. This tool facilitates the decryption and analysis of encrypted profile and message files used by the instant messenger Technitium Mesh https://mesh.im/. (C#, updated Dec 10, 2023)
An updated fork of @AbdulRhmanAlfaifi's EventLogMonitor, which hooks into Windows Event Logs and displays new events as they are written to disk. (C#, updated Nov 20, 2023)
Rapid DFIR triage collection tool for Windows, Mac and Linux. (C#, updated Apr 10, 2023)
PurpleSharpEnhanced is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. (C#, updated Sep 1, 2020)
A Splunk Technology Add-on to forward filtered ETW events. (C#, updated Oct 14, 2020)