ALFA: Automated Audit Log Forensic Analysis for Google Workspace
ALFA – Automated Audit Log Forensic Analysis for Google Workspace You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the...
YAMA YAMA is a system for generating scanners that can inspect specific malware during incident response. The scanner generated by YAMA is designed to explore the memory of Windows OS...
ThreatScraper ThreatScraper is a Python-based tool designed to check virus information by using VirusTotal API. It offers functionalities such as scheduling the checking at specific times, showing and saving the...
varc (Volatile Artifact Collector) varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating...
z9 PowerShell Log Analyzer This tool detects artifacts of PowerShell-based malware in the event log produced by PowerShell logging. The strength of PowerShell scripts lies in their ability to run...
Grove Grove is a Software as a Service (SaaS) log collection framework, designed to support the collection of logs from services which do not natively support log streaming. Grove enables...
Microsoft-Extractor-Suite Microsoft-Extractor-Suite is a fully-featured, actively-maintained PowerShell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft. The following Microsoft data sources...
HASH (HTTP Agnostic Software Honeypot) HASH is a framework for creating and launching low-interaction honeypots. Why HASH? The main philosophy of HASH is to be easy to configure and...
Trawler Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications,...
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and BitLocker enablement drifting? Or would you like to do advanced inventory, where you can look up...
T3SF – Technical Tabletop Exercises Simulation Framework T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together...
MemTracer MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in...
Microsoft Section52 ICS Forensics Tools Microsoft Section52 Industrial Control Systems Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft Section52 ICS Forensics...
C2-Hunter C2-Hunter is a program designed for malware analysts to extract Command and Control (C2) traffic from malware in real time. The program uses a unique approach by hooking into...
Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for security-related events or for an investigation. Each...