A curated list of tools for incident response. With repository stars⭐ and forks🍴
Updated Oct 14, 2024
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
CLI generator for Velociraptor offline collector
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports artifact collection on AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
Kali in a Box - Containerized and fully operational within your browser
Automate the creation of a lab environment complete with security tooling and logging best practices
Resources for DFIR. And more.
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Essential playbooks & runbooks for cybersecurity operations. A dynamic resource for security pros to navigate digital threats, with best practices, incident management protocols, and community-driven updates. Elevate your security strategy and response with our AI-driven guides.
Create a timeline of files in a folder.
A GUI tool that makes steganography analysis easy by putting various steganography tools all in one place
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!
TriageX - Linux Triage Tool is a Bash shell script designed to collect evidence during an incident involving Linux machines. The script uses only native Linux commands.
Mac PenTesting & Digital Forensics Collection
Analyse a forensic target (such as a directory) to find and report which files are known and unknown to the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
A forensic tool that uses file metadata to eliminate false-positive system-artifact entries and reach a decision.
AutoParser is a forensic tool for parsing offline registry hives.
A faster and better way to analyze EML files