An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with dfir

A curated list of projects in awesome lists tagged with dfir.

https://github.com/toniblyx/my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

auditing aws-infrastructure aws-inventory aws-lambda cloud cloudtrail dfir iam incident-response security security-tools

Last synced: 11 May 2025

https://github.com/zeek/zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

bro dfir network-monitoring nsm pcap security zeek

Last synced: 12 May 2025

https://github.com/LOLBAS-Project/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam

Last synced: 14 Mar 2025

https://github.com/lolbas-project/lolbas

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam

Last synced: 26 Mar 2025

https://github.com/clong/detectionlab

Automate the creation of a lab environment complete with security tooling and logging best practices

ansible detection detectionlab dfir dfir-automation information-security lab-environment osquery packer powershell sysmon terraform vagrant vagrantfile

Last synced: 14 May 2025

https://github.com/clong/DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices

ansible detection detectionlab dfir dfir-automation information-security lab-environment osquery packer powershell sysmon terraform vagrant vagrantfile

Last synced: 24 Mar 2025

https://github.com/otrf/threathunter-playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

dfir hunter hunting hunting-campaigns hypothesis mitre mitre-attack-db sysmon threat-hunting

Last synced: 17 Oct 2025

https://github.com/OTRF/ThreatHunter-Playbook

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

dfir hunter hunting hunting-campaigns hypothesis mitre mitre-attack-db sysmon threat-hunting

Last synced: 24 Mar 2025

https://github.com/neo23x0/loki

Loki - Simple IOC and YARA Scanner

antivirus dfir hash ioc otx python scanner signature yara yara-rules

Last synced: 13 May 2025

https://github.com/Neo23x0/Loki

Loki - Simple IOC and YARA Scanner

antivirus dfir hash ioc otx python scanner signature yara yara-rules

Last synced: 30 Mar 2025

https://github.com/withsecurelabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

attack blueteam chainsaw countercept detection dfir forensics logs rust security sigma threat-hunting windows

Last synced: 25 Jun 2025

https://github.com/Security-Onion-Solutions/security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

dfir hunting ids intrusion-detection log-management network-security-monitoring nsm

Last synced: 24 Mar 2025

https://github.com/security-onion-solutions/security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

dfir hunting ids intrusion-detection log-management network-security-monitoring nsm

Last synced: 13 Mar 2025

https://github.com/jpcertcc/logontracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

active-directory blueteam dfir event-log javascript python-3 security visualization

Last synced: 14 May 2025

https://github.com/JPCERTCC/LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

active-directory blueteam dfir event-log javascript python-3 security visualization

Last synced: 09 Apr 2025

https://github.com/olafhartong/sysmon-modular

A repository of sysmon configuration modules

dfir mitre-attack modular security-tools sysmon threat-hunting

Last synced: 14 May 2025

https://github.com/google/timesketch

Collaborative forensic timeline analysis

analysis dfir forensics security timeline

Last synced: 12 May 2025

https://github.com/yamato-security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

attack cybersecurity detection dfir event forensics hayabusa hunting incident incident-response logs response rust security security-automation sigma threat threat-hunting windows yamato

Last synced: 03 Jul 2025

https://github.com/neo23x0/signature-base

YARA signature and IOC database for my scanners and tools

anti-virus dfir hash ioc scanner signature threat-hunting threat-intelligence yara yara-rules

Last synced: 25 Mar 2025

https://github.com/WithSecureLabs/chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

attack blueteam chainsaw countercept detection dfir forensics logs rust security sigma threat-hunting windows

Last synced: 27 Mar 2025

https://github.com/Neo23x0/signature-base

YARA signature and IOC database for my scanners and tools

anti-virus dfir hash ioc scanner signature threat-hunting threat-intelligence yara yara-rules

Last synced: 14 Apr 2025

https://github.com/Yamato-Security/hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

attack cybersecurity detection dfir event forensics hayabusa hunting incident incident-response logs response rust security security-automation sigma threat threat-hunting windows yamato

Last synced: 02 Apr 2025

https://github.com/purp1ew0lf/blue-team-notes

You didn't think I'd go and leave the blue team out, right?

blueteam cybersecurity dfir infosec powershell

Last synced: 06 Oct 2025

https://github.com/Purp1eW0lf/Blue-Team-Notes

You didn't think I'd go and leave the blue team out, right?

blueteam cybersecurity dfir infosec powershell

Last synced: 14 Apr 2025

https://github.com/api0cradle/LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam

Last synced: 06 May 2025

https://github.com/api0cradle/lolbas

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

blueteam dfir living-off-the-land lolbins lolscripts purpleteam redteam

Last synced: 02 Apr 2025

https://github.com/matanolabs/matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

alerting apache-iceberg aws aws-security big-data cloud cloud-native cloud-security cybersecurity detection-engineering dfir log-analytics log-management rust secops security security-tools serverless siem threat-hunting

Last synced: 14 May 2025

https://github.com/stuxnet999/MemLabs

Educational, CTF-styled labs for individuals interested in Memory Forensics

ctf ctf-challenges cybersecurity dfir digital-forensics forensics memory-forensics security windows

Last synced: 13 Apr 2025

https://github.com/bert-janp/hunting-queries-detection-rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

azure blueteam cybersecurity defender-for-endpoint dfir infosec kql mde mdi misp security sentinel threat-hunting vulnerability-management zero-day

Last synced: 14 May 2025

https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

azure blueteam cybersecurity defender-for-endpoint dfir infosec kql mde mdi misp security sentinel threat-hunting vulnerability-management zero-day

Last synced: 31 Mar 2025

https://github.com/yampelo/beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

dfir digital-forensics forensic-analysis graph incident-response security threat-hunting

Last synced: 15 May 2025

https://github.com/0xrawsec/whids

Open Source EDR for Windows

dfir edr ids sysmon threat-hunting windows

Last synced: 16 May 2025

https://github.com/obsidianforensics/hindsight

Web browser forensics for Google Chrome/Chromium

chrome dfir forensics google-chrome hindsight

Last synced: 14 May 2025

https://github.com/tomchop/malcom

Malcom - Malware Communications Analyzer

dfir infosec malware malware-analysis network-traffic pcap threat-intelligence

Last synced: 16 May 2025

https://github.com/olafhartong/threathunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

dfir mitre-attack splunk threat-hunting

Last synced: 24 Mar 2025

https://github.com/olafhartong/ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

dfir mitre-attack splunk threat-hunting

Last synced: 24 Mar 2025

https://github.com/cisagov/chirp

A DFIR tool written in Python.

cisa cybersecurity dfir ioc python yara-python

Last synced: 28 Sep 2025

https://github.com/cisagov/CHIRP

A DFIR tool written in Python.

cisa cybersecurity dfir ioc python yara-python

Last synced: 19 Jul 2025

https://github.com/tclahr/uac

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

aix collector computer-forensics dfir esxi forensics freebsd incident-response linux live-response macos netbsd netscaler openbsd script security shell solaris terminal triage

Last synced: 14 May 2025

https://github.com/fox-it/dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

dfir dissect python

Last synced: 08 Apr 2025

https://github.com/A3sal0n/CyberThreatHunting

A collection of resources for Threat Hunters

cybersecurity dfir incident-response threat-hunting threat-intelligence

Last synced: 24 Mar 2025

https://github.com/a3sal0n/cyberthreathunting

A collection of resources for Threat Hunters

cybersecurity dfir incident-response threat-hunting threat-intelligence

Last synced: 13 May 2025

https://github.com/yamato-security/wela-deprecated

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

analysis dfir event forensics hunting incident log logs response sigma threat timeline windows

Last synced: 03 Jul 2025

https://github.com/Yamato-Security/WELA-deprecated

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

analysis dfir event forensics hunting incident log logs response sigma threat timeline windows

Last synced: 01 Apr 2025

https://github.com/google/turbinia

Automation and Scaling of Digital Forensics Tools

cloud dfir forensics security security-automation

Last synced: 02 Apr 2025

https://github.com/cyb3r-monk/threat-hunting-and-detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel threat-detection threat-hunting

Last synced: 15 May 2025

https://github.com/ydkhatri/mac_apt

macOS (& iOS) Artifact Parsing Tool

dfir forensics macos

Last synced: 20 Apr 2025

https://github.com/DFIRKuiper/Kuiper

Digital Forensics Investigation Platform

artifacts dfir digital-forensics incident-response parser security

Last synced: 30 Mar 2025

https://github.com/ashemery/linuxforensics

Everything related to Linux Forensics

dfir digital-forensics forensics investigations linux

Last synced: 01 Sep 2025

https://github.com/ashemery/LinuxForensics

Everything related to Linux Forensics

dfir digital-forensics forensics investigations linux

Last synced: 13 May 2025

https://github.com/Lookyloo/lookyloo

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

capture dfir information-security lookyloo privacy scraping web-security

Last synced: 02 Apr 2025

https://github.com/securityjoes/MasterParser

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

automation cyber cyber-security dfir dfir-automation digital-forensic incident-response infosec ir mdr powershell reporting security soc tools

Last synced: 03 Apr 2025

https://github.com/atc-project/atc-react

A knowledge base of actionable Incident Response techniques

amitt dfir incident-response mitre-attack response-playbooks thehive

Last synced: 14 May 2025

https://github.com/netflix-skunkworks/diffy

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

dfir forensics security

Last synced: 16 May 2025

https://github.com/Netflix-Skunkworks/diffy

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

dfir forensics security

Last synced: 29 Apr 2025

https://github.com/yamato-security/enablewindowslogsettings

Documentation and scripts to properly enable Windows event logs.

auditing dfir event forensics hayabusa logs monitoring security sigma sysmon windows

Last synced: 03 Jul 2025

https://atc-project.github.io/atc-react/

A knowledge base of actionable Incident Response techniques

amitt dfir incident-response mitre-attack response-playbooks thehive

Last synced: 13 Apr 2025

https://github.com/AndrewRathbun/DFIRArtifactMuseum

The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.

android artifacts-repository dfir ios linux macos windows

Last synced: 17 Jul 2025

https://github.com/LETHAL-FORENSICS/MemProcFS-Analyzer

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

dfir digital-forensics incident-response live-response memory-forensics memprocfs powershell

Last synced: 03 Mar 2025

https://github.com/iknowjason/purplecloud

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

azure azure-lab dfir dfir-automation pentest purpleteam siem

Last synced: 15 May 2025

https://github.com/misp/misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators

dfir false-positive misp misp-warninglists network-forensics threat-intelligence

Last synced: 15 May 2025

https://github.com/iknowjason/PurpleCloud

A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

azure azure-lab dfir dfir-automation pentest purpleteam siem

Last synced: 12 May 2025

https://github.com/MISP/misp-warninglists

Warning lists to inform users of MISP about potential false-positives or other information in indicators

dfir false-positive misp misp-warninglists network-forensics threat-intelligence

Last synced: 15 Apr 2025

https://github.com/cyberdefenders/detectionlabelk

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

detectionlab dfir elk osquery packer threat-hunting vagrant

Last synced: 05 Apr 2025

https://github.com/andrewrathbun/dfirartifactmuseum

The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.

android artifacts-repository dfir ios linux macos windows

Last synced: 04 Apr 2025

https://github.com/cyberdefenders/DetectionLabELK

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

detectionlab dfir elk osquery packer threat-hunting vagrant

Last synced: 11 Jul 2025

https://github.com/andrewrathbun/dfirmindmaps

A repository of DFIR-related Mind Maps geared towards the visual learners!

dfir digitalforensics eztools kape mindmaps ntfs rdp tcpdump

Last synced: 01 Mar 2025

https://github.com/AndrewRathbun/DFIRMindMaps

A repository of DFIR-related Mind Maps geared towards the visual learners!

dfir digitalforensics eztools kape mindmaps ntfs rdp tcpdump

Last synced: 07 Apr 2025

https://github.com/Yamato-Security/EnableWindowsLogSettings

Documentation and scripts to properly enable Windows event logs.

auditing dfir event forensics hayabusa logs monitoring security sigma sysmon windows

Last synced: 08 May 2025

https://github.com/lazza/recuperabit

A tool for forensic file system reconstruction.

dfir disk forensics ntfs partition recover-files

Last synced: 04 Apr 2025

https://github.com/Lazza/RecuperaBit

A tool for forensic file system reconstruction.

dfir disk forensics ntfs partition recover-files

Last synced: 04 May 2025

https://github.com/sevagas/swap_digger

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

dfir forensics hacking post-exploitation security

Last synced: 05 Apr 2025

https://github.com/ANSSI-FR/ADTimeline

Timeline of Active Directory changes with replication metadata

active-directory dfir forensics powershell splunk timeline windows

Last synced: 18 Jul 2025

https://github.com/dfirtrack/dfirtrack

DFIRTrack - The Incident Response Tracking Application

dfir digital-forensics incident-management incident-response incident-response-tooling

Last synced: 04 May 2025

https://github.com/diogo-fernan/ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

bash batch cybersecurity dfir forensics incident-response malware nirsoft sysinternals unix windows

Last synced: 02 Apr 2025

https://github.com/infosecb/loobins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

blueteam cybersecurity detection dfir living-off-the-land loobins macos redteam

Last synced: 14 May 2025

https://github.com/stanfrbd/cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

blueteam cyber-threat-intelligence cybersecurity dfir docker hash incident-response infosec ioc ipinfo osint osint-python python security security-tools threat threat-hunting threat-intelligence virustotal

Last synced: 16 May 2025

https://github.com/olafhartong/attackdatamap

A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework

dfir mitre-attack siem threat-detection threat-hunting

Last synced: 04 Oct 2025

https://github.com/olafhartong/ATTACKdatamap

A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework

dfir mitre-attack siem threat-detection threat-hunting

Last synced: 27 Apr 2025