UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Incident Forensic Response In Terminal script for linux

This is a Live Response script to help incident responders to acquire data, contain and recover.

File and file meta information collect using PowerShell in Live Response environment.

A Firefox extension to encrypt files downloaded through Microsoft 365 Defender's Live Response Sessions.

WebLogHunter is a tool for parsing and analysing web server access logs to detect suspicious activity. It normalises logs into a standard DataFrame format for efficient querying and applies risk-scoring rules to highlight potential threats.

Cabbage is a simple python-based wrapper designed to automate and simplify post-mortem analysis of Solaris 10 kernel crash dumps and uncover evidence of rootkits and malicious activity.

Parse IIS applicationHost.config to generate CSV file.