Automate the creation of a lab environment complete with security tooling and logging best practices
Updated Jul 6, 2024 - HTML
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Graph visualization for Windows event logs
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Fast lookup server for NSRL and other hash databases used in digital forensics
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
Simple Imager has been created for performing live acquisition of Windows-based systems in a forensically sound manner
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
Toolset to analyze disks encrypted with McAfee FDE technology
ActiveMime File Format Documentation
Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.
Sabonis, a Digital Forensics and Incident Response pivoting tool
A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation
Factual rules are YARA rules to find legitimate software on raw disk acquisition.
Resources for DFIR. And more.