Cisco IOS XE implant scanning This repository contains information regarding post-exploitation activities linked to the Cisco IOS XE Software Web Management User Interface mass exploitations. Cisco Talos published a fingerprint that could check if...
ALFA – Automated Audit Log Forensic Analysis for Google Workspace You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics...
YAMA YAMA is a system for generating scanners that can inspect specific malware during incident response. The scanner generated by YAMA is designed to explore the memory of Windows OS and detect malware. With...
ThreatScraper ThreatScraper is a Python-based tool designed to check virus information by using VirusTotal API. It offers functionalities such as scheduling the checking at specific times, showing and saving the graph of malware detection...
varc (Volatile Artifact Collector) varc collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident. It...
z9 PowerShell Log Analyzer This tool detects the artifact of the PowerShell-based malware from the eventlog of PowerShell logging. The strength of PowerShell scripts lies in their ability to run without touching the file...
DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools Changelog v0.9 added lnk2bodyfile Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile ...
dissect Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artifacts from various disk and file formats, developed by Fox-IT (part of NCC...
Grove Grove is a Software as a Service (SaaS) log collection framework, designed to support the collection of logs from services which do not natively support log streaming. Grove enables teams to collect security-related...
Microsoft-Extractor-Suite Microsoft-Extractor-Suite is a fully-featured, actively-maintained, Powershell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft. The following Microsoft data sources are supported: Source Description...
HASH (HTTP Agnostic Software Honeypot) HASH is a framework for creating and launching low interactive honeypots. Why HASH? The main philosophy of HASH is to be easy to configure and flexible to mimic any...
Trawler Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items, Binary Modifications,...
ClientInspector Are you in control? – or are some of your core infrastructure processes like patching, antivirus, and bitlocker enablement drifting? Or would you like to do advanced inventory, where you can look up your warranty state against...
T3SF – Technical Tabletop Exercises Simulation Framework T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together with a set of...
MemTracer MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to...
Secure Your Connection
