Aurora Incident Response Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders. Aurora brings “Spreadsheet of Doom” used in the SANS FOR508 class to the next level....
FastFinder – Incident Response – Fast suspicious file finder FastFinder is a lightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused...
Zircolite Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX (EVTX and JSON format) Zircolite can be used directly on the...
WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze...
Winshark Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25, 2019. Wireshark has...
Incident Response Collection Protocol (IRCP) A series of PowerShell scripts to automate artifact collection & assist Responders triaging endpoints in lab-based & onsite environments. IRCP Features IRCP supports E01, VMDK,...
Rogue Assembly Hunter Rogue Assembly Hunter is a utility for discovering ‘interesting’ .NET CLR modules in running processes. Background .NET is a very powerful and capable development platform and runtime...
RansomWatch RansomWatch is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites, store the data in an SQLite database, and send...
Hayabusa Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool created by the Yamato Security group in Japan. Hayabusa means “peregrine falcon” in Japanese and was chosen as peregrine falcons are the...
ExcelPeek ExcelPeek is a tool designed to help investigate potentially malicious Microsoft Excel files. Install git clone https://github.com/slaughterjames/excelpeek.git sudo pip3 install re sudo pip3 install termcolor sudo pip3 install openpyxl...
Wireshark-forensics-plugin Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis & forensic analysis for forensic/malware analysts. Even though Wireshark provides...
FACT – Forensic Artefact Collection Tool FACT is a tool to collect, process, and visualise forensic data from clusters of machines running in the cloud or on-premise. Installation Docker Compose...
Registry Spy: Cross-Platform Windows Registry Browser Registry Spy is a free, open-source cross-platform Windows Registry viewer. It is a fast, modern, and versatile explorer for raw registry files. Features include:...
turdshovel Turdshovel is an interactive CLI tool that allows users to dump objects from .NET memory dumps without having to fully understand the intricacies of WinDbg. It uses Python.NET to wrap around ClrMD and...
whatfiles Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes and threads that are created by the targeted process...
Support Securityonline.info site. Thanks!
