An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: dfir-automation

clong/DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices

Language: HTML - Size: 190 MB - Last synced at: 2 days ago - Pushed at: 10 months ago - Stars: 4,752 - Forks: 998

CERTSYNETIS/PyTriage

Automated triage tool for several kinds of artifact collections.

Language: JavaScript - Size: 648 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 8 - Forks: 0

adulau/hashlookup-server

Fast lookup server for NSRL and other hash database used in digital forensic

Language: Python - Size: 91.8 KB - Last synced at: about 14 hours ago - Pushed at: almost 3 years ago - Stars: 45 - Forks: 7

MohamedMostafa010/TuxTrace

TuxTrace is a Linux user simulation tool that emulates realistic command-line behavior for single and multiple users. It is designed for learning, testing, and digital forensics, generating artifacts such as logs and shell histories to replicate real-world usage scenarios.

Language: Python - Size: 593 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 0 - Forks: 0

iknowjason/PurpleCloud

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Language: Python - Size: 42.9 MB - Last synced at: about 20 hours ago - Pushed at: about 2 months ago - Stars: 572 - Forks: 97

maxspl/OSIR

Orchestration Software for Incident Response

Language: Python - Size: 89.2 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 7 - Forks: 1

terracota19/Initiate-DFIR-IRIS-Windows-Automation

This batch script automates the deployment and management of the DFIR-IRIS web application using Docker on Windows

Language: Batchfile - Size: 22.5 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 0 - Forks: 0

iknowjason/BlueCloud

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Language: HTML - Size: 30.6 MB - Last synced at: 4 days ago - Pushed at: over 2 years ago - Stars: 134 - Forks: 28

Correia-jpv/fucking-awesome-incident-response

A curated list of tools for incident response. With repository stars⭐ and forks🍴

Size: 447 KB - Last synced at: 9 days ago - Pushed at: about 1 month ago - Stars: 227 - Forks: 34

DrPwner/Velociraptor-Syslog

This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.

Language: Python - Size: 31.3 KB - Last synced at: 20 days ago - Pushed at: 20 days ago - Stars: 0 - Forks: 0

w8mej/InfoSec-Blueprints

Essential playbooks & runbooks for cybersecurity operations. A dynamic resource for security pros to navigate digital threats, with best practices, incident management protocols, and community-driven updates. Elevate your security strategy and response with our AI-driven guides.

Language: Jupyter Notebook - Size: 83.3 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 9 - Forks: 3

op7ic/unix_collector

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Language: Shell - Size: 85.9 KB - Last synced at: 5 days ago - Pushed at: 4 months ago - Stars: 35 - Forks: 5

Jakobish/pdforensic_toolkit

A forensic command-line tool for deep analyzing PDF files

Language: Python - Size: 40 KB - Last synced at: 19 days ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

Language: PowerShell - Size: 12.4 MB - Last synced at: about 1 month ago - Pushed at: 12 months ago - Stars: 722 - Forks: 60

Digital-Defense-Institute/openrelik-pipeline

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

Language: Python - Size: 61.5 KB - Last synced at: 3 days ago - Pushed at: 3 months ago - Stars: 5 - Forks: 0

cado-security/varc 📦

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Language: Python - Size: 1.21 MB - Last synced at: 9 days ago - Pushed at: 6 months ago - Stars: 253 - Forks: 13

hashlookup/hashlookup-forensic-analyser

Analyse a forensic target (such as a directory) and report which files are known to, and which are unknown to, the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Language: Python - Size: 8.28 MB - Last synced at: 6 days ago - Pushed at: over 1 year ago - Stars: 126 - Forks: 13
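The workflow these hashlookup tools automate is known-good filtering: hash every file on the target, drop whatever matches a reference set such as NSRL, and hand the analyst only the remainder. The following is an added example, not code from hashlookup-forensic-analyser or the hashlookup service. Because the real service is queried over the network, a constructed local set of SHA-1 values stands in for it here so the script runs offline; the sample target directory is also constructed.

```python
"""Reduce a forensic target to the files that are not on a known-good list.

Added example (not hashlookup-forensic-analyser code). KNOWN_GOOD_SHA1 is a
constructed stand-in for an NSRL / hashlookup reference set.
"""
import hashlib
import os
import tempfile

# Constructed known-good set: SHA-1 of the two "legitimate" sample files below.
# In practice this is where the hashlookup / NSRL query goes.
KNOWN_GOOD_SHA1 = {
    hashlib.sha1(b"#!/bin/sh\necho hello\n").hexdigest(),
    hashlib.sha1(b"MZ\x90\x00legit").hexdigest(),
}


def sha1_of_file(path, chunk=1 << 20):
    """Stream the file in 1 MiB chunks so large evidence files do not load into RAM."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_tree(root, known):
    """Walk root; return (found, not_found) as lists of (relpath, sha1)."""
    found, not_found = [], []
    for dirpath, dirnames, names in os.walk(root):
        dirnames.sort()
        for name in sorted(names):
            p = os.path.join(dirpath, name)
            # Never follow symlinks on evidence; they can point outside the target.
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            digest = sha1_of_file(p)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            (found if digest in known else not_found).append((rel, digest))
    return found, not_found


def build_sample_target():
    """Constructed sample target: two known-good files and one unknown binary."""
    root = tempfile.mkdtemp(prefix="target_")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "hello.sh"), "wb") as f:
        f.write(b"#!/bin/sh\necho hello\n")
    with open(os.path.join(root, "bin", "legit.exe"), "wb") as f:
        f.write(b"MZ\x90\x00legit")
    with open(os.path.join(root, "tmp_dropper.bin"), "wb") as f:
        f.write(b"MZ\x90\x00evil")
    return root


if __name__ == "__main__":
    target = build_sample_target()
    known_files, unknown_files = classify_tree(target, KNOWN_GOOD_SHA1)
    print(f"known-good: {len(known_files)}, unknown (review these): {len(unknown_files)}")
    for rel, digest in unknown_files:
        print(f"  {digest}  {rel}")
```

Only the unknown list reaches the analyst; a match against the reference set says the file is known, not that it is safe, so a hit on a legitimate-but-abused binary (a living-off-the-land tool) still needs context from the timeline.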

jdangosto/triageX

TriageX - Linux Triage Tool Is a BASH shell script designed to collect evidences in an incident with Linux machines. The script uses native Linux commands to run.

Language: Shell - Size: 66.4 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 5 - Forks: 4

BenjiTrapp/boxed-kali

Kali in a Box - Containerized and fully operational within your Browser

Language: Shell - Size: 2.85 MB - Last synced at: 7 days ago - Pushed at: 9 months ago - Stars: 12 - Forks: 1

jupyterj0nes/sabonis

Sabonis, a Digital Forensics and Incident Response pivoting tool

Language: Python - Size: 2.51 MB - Last synced at: 23 days ago - Pushed at: about 3 years ago - Stars: 16 - Forks: 0

jurelou/epagneul

Graph visualization for Windows event logs

Language: Python - Size: 51.4 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 233 - Forks: 35

rpfilomeno/darahata

Lazy Windows event log fast forensics timeline generator and threat hunting script.

Language: Batchfile - Size: 8.79 KB - Last synced at: about 1 month ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

cado-security/rip_raw 📦

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

Language: Python - Size: 914 KB - Last synced at: 6 months ago - Pushed at: over 3 years ago - Stars: 131 - Forks: 16

CIRCL/factual-rules

Factual rules are YARA rules to find legitimate software on raw disk acquisition.

Language: YARA - Size: 8.03 MB - Last synced at: about 3 hours ago - Pushed at: over 3 years ago - Stars: 11 - Forks: 1

CERT-EDF/generaptor

CLI generator for Velociraptor offline collector

Language: Python - Size: 142 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 5 - Forks: 2

loneicewolf/DFIR-Resources

Resources for DFIR. And more.

Language: Shell - Size: 52.7 KB - Last synced at: about 1 month ago - Pushed at: 11 months ago - Stars: 11 - Forks: 0

w4rhead/DFIR-LiveResponse

DFIR Live-Response scripts

Language: Shell - Size: 28.3 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

dfirsec/file_timeliner

Create a timeline of files in a folder.

Language: Python - Size: 86.9 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0
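A file timeline merges the modified, accessed and changed timestamps of every file under a folder into one chronologically sorted list so that activity can be read in order. The following is an added example, not the file_timeliner project's code. The sample tree and its timestamps are constructed with os.utime so the output is deterministic; the inode-change (c) time cannot be set from user space, so those rows carry the time the sample was created.

```python
"""MAC-time timeline of the files under a folder (added example, not file_timeliner code)."""
import os
import tempfile
from datetime import datetime, timezone


def timeline(root):
    """Return rows (epoch_seconds, kinds, relpath, size) sorted by time.

    kinds is a string built from m (modified), a (accessed), c (inode changed);
    timestamps that coincide for one file are merged into one row, e.g. "ma".
    """
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            p = os.path.join(dirpath, name)
            st = os.lstat(p)  # lstat: do not follow symlinks on evidence
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            by_time = {}
            for kind, ts in (("m", st.st_mtime), ("a", st.st_atime), ("c", st.st_ctime)):
                by_time.setdefault(round(ts), []).append(kind)
            for ts, kinds in by_time.items():
                rows.append((ts, "".join(kinds), rel, st.st_size))
    rows.sort(key=lambda r: (r[0], r[2]))
    return rows


def render(rows):
    """One line per row, UTC, in the style of a body-file timeline."""
    return [
        f"{datetime.fromtimestamp(ts, timezone.utc):%Y-%m-%dT%H:%M:%SZ} {kinds:3} {size:>8} {rel}"
        for ts, kinds, rel, size in rows
    ]


def build_sample():
    """Constructed sample tree: a system file, then a dropped script, then shell history."""
    root = tempfile.mkdtemp(prefix="tl_")
    base = 1_700_000_000
    spec = {
        "etc/passwd": (base - 86400, b"root:x:0:0:root:/root:/bin/bash\n"),
        "tmp/.x": (base + 60, b"#!/bin/sh\nid\n"),
        "home/u/.bash_history": (base + 120, b"chmod +x /tmp/.x\n/tmp/.x\n"),
    }
    for rel, (ts, data) in spec.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
        os.utime(p, (ts, ts))  # atime == mtime, so they merge into one "ma" row
    return root


if __name__ == "__main__":
    for line in render(timeline(build_sample())):
        print(line)
```

Reading the result top to bottom gives the sequence an investigator wants: the dropped script appears before the history entry that executed it, and the c rows at the end show when the files were laid down on this copy rather than on the original host, which is exactly why a timeline should be built from an image or a lstat-only collection, not from a working copy.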

sp3p3x/stegallofit

A GUI tool that makes steg analysis easy by putting all the tools in one place

Language: Python - Size: 44.9 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 2

SatyenderYadav/Ph1shGr1P

Faster & Better Way to analyze the EML Files

Language: Python - Size: 3.48 MB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

paulverising/cbc-api

This script is designed to pull data from the carbon black cloud. One disadvantage of the CBC GUI is the inability to see the command line for each process in bulk. Instead, you need to click on each process individually. This spits out the command line so you can quickly spot evil.

Language: Python - Size: 21.5 KB - Last synced at: over 1 year ago - Pushed at: almost 4 years ago - Stars: 3 - Forks: 0

j-schmied/project-macsec

Mac PenTesting & Digital Forensics Collection

Language: Shell - Size: 369 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

McL0vinn/Incident_Response_Script

Small incident response PowerShell script that collects various data from the system. A good alternative to run on a system while waiting for an approved AV scan (or instead of a scan).

Language: PowerShell - Size: 3.91 KB - Last synced at: 12 months ago - Pushed at: over 4 years ago - Stars: 2 - Forks: 0

NextSecurity/nsrlsearch Fork of sptonkin/nsrlsearch

Ingest and query NIST NSRL Reference Data Sets in Elasticsearch with Python tools and libraries.

Size: 32.2 KB - Last synced at: over 1 year ago - Pushed at: almost 7 years ago - Stars: 1 - Forks: 0

NextSecurity/Cortex-Analyzers-Modified Fork of TheHive-Project/Cortex-Analyzers

Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids

Language: Python - Size: 626 MB - Last synced at: over 1 year ago - Pushed at: about 5 years ago - Stars: 6 - Forks: 0

binalyze/carbonblack-air

Binalyze AIR and Carbon Black Cloud Integration

Language: Python - Size: 18.6 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

mayHamad/Horizon

Forensic tool that uses file metadata to eliminate false-positive system-artifact entries and reach a decision.

Language: Python - Size: 18.6 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

QXJ6YW4/SimpleImager

Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner

Language: Batchfile - Size: 2.57 MB - Last synced at: almost 2 years ago - Pushed at: almost 3 years ago - Stars: 23 - Forks: 4

mayHamad/AutoParser

AutoParser is a forensic tool for parsing offline registry hives.

Language: Python - Size: 106 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 3 - Forks: 0

shockz-offsec/Forencics-Recompiler-Linux

This script gathers a large part of the information usually collected from a Linux system during an expert examination or forensic analysis. All of the information is signed with SHA256.

Language: Shell - Size: 6.84 KB - Last synced at: 3 months ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

brootware/flarevm-up

Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.

Language: HCL - Size: 27.3 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 7 - Forks: 4

wv8672/AWS-Linux-Mem-Dump

A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation

Language: Python - Size: 104 KB - Last synced at: about 2 years ago - Pushed at: almost 5 years ago - Stars: 10 - Forks: 4

iknowjason/Velociraptor_Azure 📦

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

Language: HCL - Size: 14.1 MB - Last synced at: about 2 years ago - Pushed at: about 4 years ago - Stars: 15 - Forks: 4

iknowjason/HELK_Azure 📦

A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK R&D lab in Azure.

Language: HCL - Size: 332 KB - Last synced at: about 2 years ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 1

RealityNet/McAFuse

Toolset to analyze disks encrypted with McAFee FDE technology

Language: Python - Size: 9.77 KB - Last synced at: about 2 years ago - Pushed at: about 4 years ago - Stars: 17 - Forks: 0

idiom/activemime-format

ActiveMime File Format Documentation

Language: Python - Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: almost 4 years ago - Stars: 12 - Forks: 2

cyberpasta/loki-scan-manager

Manage loki scans over a large network.

Language: PowerShell - Size: 104 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 3 - Forks: 0

jipegit/awsdfirlab

DFIR Lab in AWS

Size: 37.1 KB - Last synced at: 3 months ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0

dfirsec/hash_check

Search for given file hash

Language: Python - Size: 1.09 MB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0

ncsc-fi/minion-rules

Minion rules for DFIR work.

Size: 10.7 KB - Last synced at: about 2 years ago - Pushed at: almost 5 years ago - Stars: 6 - Forks: 1

dfirsec/magic_check

Confirm file type by matching the magic signature ("number").

Language: Python - Size: 14.6 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0
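Matching the magic signature means trusting the first bytes of the file rather than its name, which is how a renamed executable hiding behind an image extension gets caught. The following is an added example, not the magic_check project's code. The signature table holds the well-known leading bytes of a few common formats, and the sample files are constructed byte strings.

```python
"""Identify a file by its magic bytes and flag extension mismatches.

Added example (not magic_check code). SIGNATURES is a small table of
well-known leading bytes; extend it for the formats a case needs.
"""
import os

# (description, offset, magic bytes, extensions that legitimately carry this magic)
SIGNATURES = [
    ("PE executable", 0, b"MZ", {".exe", ".dll", ".sys", ".scr"}),
    ("ELF executable", 0, b"\x7fELF", {".so", ".elf", ""}),
    ("PNG image", 0, b"\x89PNG\r\n\x1a\n", {".png"}),
    ("JPEG image", 0, b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    ("GIF image", 0, b"GIF87a", {".gif"}),
    ("GIF image", 0, b"GIF89a", {".gif"}),
    ("PDF document", 0, b"%PDF-", {".pdf"}),
    ("ZIP container", 0, b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    ("gzip", 0, b"\x1f\x8b", {".gz", ".tgz"}),
]
# Longest header we ever need to read; keeps the check cheap on large files.
MAX_MAGIC = max(off + len(magic) for _, off, magic, _ in SIGNATURES)


def identify(header: bytes):
    """Return (description, allowed_extensions) for the first matching signature, else None."""
    for desc, off, magic, exts in SIGNATURES:
        if header[off:off + len(magic)] == magic:
            return desc, exts
    return None


def check_file_bytes(name: str, data: bytes) -> dict:
    """Classify by content first, then compare with the declared extension."""
    ext = os.path.splitext(name)[1].lower()
    hit = identify(data[:MAX_MAGIC])
    if hit is None:
        return {"name": name, "type": "unknown", "ext": ext, "mismatch": False}
    desc, exts = hit
    return {"name": name, "type": desc, "ext": ext, "mismatch": ext not in exts}


def check_file(path: str) -> dict:
    """Same check against a file on disk; only the header is read."""
    with open(path, "rb") as f:
        return check_file_bytes(os.path.basename(path), f.read(MAX_MAGIC))


# Constructed samples: an honest PNG, a PE renamed to look like an image, plain text.
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "invoice.jpg": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8,
    "notes.txt": b"just text\n",
}


def scan_samples(samples=SAMPLES):
    return [check_file_bytes(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for r in scan_samples():
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f'{flag:8} {r["name"]:14} {r["type"]}')
```

The table is deliberately first-match, so order entries from most specific to least; a format with a short or common prefix (PE's two-byte MZ) should never sit above one whose longer signature it could shadow.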

pyperanger/crowdstrike-client

CrowdStrike API Client Library

Language: Python - Size: 22.5 KB - Last synced at: 12 days ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

bonifield/URLBreakdown

Splits a URL into its individual components, unescapes arguments, and performs light calculations for manual or automated analysis.

Language: Python - Size: 8.79 KB - Last synced at: about 1 month ago - Pushed at: about 4 years ago - Stars: 1 - Forks: 0
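Breaking a URL down for triage means more than calling one parser: the query must be unescaped until it stops changing, because attackers layer percent-encoding to slip past filters, and the number of layers peeled is itself a useful signal. The following is an added example, not the URLBreakdown project's code; the sample URL is constructed.

```python
"""Decompose a URL and peel layered percent-encoding (added example, not URLBreakdown code)."""
from urllib.parse import unquote, unquote_plus, urlsplit


def peel(value: str, limit: int = 5):
    """Percent-decode repeatedly until the value is stable.

    Returns (decoded_value, passes); passes > 1 means the value was encoded
    more than once, which is rare in legitimate traffic. limit bounds the loop
    so a pathological input cannot spin it.
    """
    passes = 0
    while passes < limit:
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value, passes = nxt, passes + 1
    return value, passes


def split_query(query: str):
    """Yield raw (key, value) pairs without decoding, so peel() sees every layer.
    (parse_qsl would already strip one layer and hide the real encoding depth.)"""
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        yield key, value


def breakdown(url: str) -> dict:
    parts = urlsplit(url)
    out = {
        "scheme": parts.scheme,
        "userinfo": parts.username,  # credentials before @ are a classic lure
        "host": parts.hostname or "",
        "port": parts.port,
        "path": unquote(parts.path),
        "depth": len([s for s in parts.path.split("/") if s]),
        "fragment": parts.fragment,
        "args": {},
        "max_encoding_depth": 0,
    }
    for key, raw in split_query(parts.query):
        decoded, passes = peel(raw)
        out["args"][unquote_plus(key)] = decoded
        out["max_encoding_depth"] = max(out["max_encoding_depth"], passes)
    return out


# Constructed sample: a redirect parameter that is percent-encoded twice.
SAMPLE = (
    "https://login@accounts.example.net:8443/a/b/c.php"
    "?redir=%2568ttp%253A%252F%252Fevil.example%252Fx&id=42#top"
)

if __name__ == "__main__":
    for key, value in breakdown(SAMPLE).items():
        print(f"{key:19} {value}")
```

Reading the query raw is the point of split_query: urllib's parse_qsl helpfully decodes once on the way in, which would report the sample's redir argument as single-encoded when it is in fact wrapped twice.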

wv8672/AWS-Linux-Vol-Mount

A Python, Boto3 script that shuts down a selected instance, detaches the instance, generates a snapshot volume and then attaches and mounts both volumes to a workstation

Language: Python - Size: 110 KB - Last synced at: about 2 years ago - Pushed at: almost 5 years ago - Stars: 0 - Forks: 1