awesome-anti-forensic

Tools and packages that are used for countering forensic activities, including e

HTML701other

12 months ago

anti-forensicanti-forensicsantiforensics

IRTriage

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

AutoIt127

9 years ago

nightHawkResponse

nightHawkResponse

Incident Response Forensic Framework

Go597

5 years ago

ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host fo

Batchfile459other

4 years ago

bashbatchcybersecurity

swiftGuard

swiftGuard

Anti-forensic macOS tray application designed to safeguard your system by monito

Python332gpl-3.0

last year

anti-forensicsdefensive-securitymacos

dftimewolf

dftimewolf

A framework for orchestrating forensic collection, processing and data export

Python289apache-2.0

4 months ago

imagemounter

Command line utility and Python package to ease the (un)mounting of forensic dis

Python116mit

2 years ago

pcapfex

'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts f

Python212apache-2.0

5 years ago

chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Rust2664gpl-3.0

4 months ago

attackblueteamchainsaw

rekall

Rekall Memory Forensic Framework

Python1913gpl-2.0

4 years ago

dissect

Dissect is a digital forensics & incident response framework and toolset that al

882agpl-3.0

5 months ago

dfirdissectpython

osxcollector

osxcollector

A forensic evidence collection & analysis toolkit for OS X

Python1863other

5 years ago

automactc

AutoMacTC: Automated Mac Forensic Triage Collector

Python520other

3 years ago

artifactcollector

artifactcollector

🚨 The artifactcollector is a customizable agent to collect forensic artifacts o

Go258mit

last year

dfirdigital-forensicsforensicartifacts

acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a liv

Python83agpl-3.0

4 months ago

PowerForensics

PowerForensics

PowerForensics provides an all in one platform for live disk forensic analysis

C#1385mit

last year

CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic arti

Python330gpl-3.0

2 years ago

kube-forensics

Go221apache-2.0

5 months ago

sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forens

C2544

4 months ago

forensicsincident-responsentfs

joy

A package for capturing and analyzing network flow data and intraflow data, for

C1308other

8 months ago

Kuiper

Kuiper

Digital Forensics Investigation Platform

JavaScript745

4 months ago

artifactsdfirdigital-forensics

artifacts

Digital Forensics artifact repository

Python1016apache-2.0

4 months ago

evolve

evolve

Web interface for the Volatility Memory Forensics Framework

JavaScript258

7 years ago

OSXAuditor

OSXAuditor

OS X Auditor is a free Mac OS X computer forensics tool

JavaScript3132other

4 years ago

bitscout

Remote forensics meta tool

Shell459gpl-2.0

5 months ago

volatility

volatility

An advanced memory forensics framework

Python7125gpl-2.0

last year

malwarememorypython

tracee

Linux Runtime Security and Forensics using eBPF

Go3630apache-2.0

11 days ago

bpfdockerebpf

hindsight

hindsight

Web browser forensics for Google Chrome/Chromium

Python1047apache-2.0

6 months ago

chromedfirforensics

muninn

A short and small memory forensics helper.

Python51

7 years ago

memory-forensicspythonvolatility

dfir-orc

dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows

C++364lgpl-2.1

5 months ago

collectiondfirincident-response

artifacts-kb

Digital Forensics Artifacts Knowledge Base

Python70apache-2.0

6 months ago

docker-explorer

A tool to help forensicate offline docker acquisitions

Python529apache-2.0

2 months ago

dockerforensics

diffy

diffy

:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric securit

Python632apache-2.0

10 months ago

dfirforensicssecurity

awesome-event-ids

Collection of Event ID ressources useful for Digital Forensics and Incident Resp

569mit

5 months ago

dfirdigitalforensicsforensics

hayabusa

hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generat

Rust2113gpl-3.0

4 months ago

attackcybersecuritydetection

grr

grr

GRR Rapid Response: remote live forensics for incident response

Python4764apache-2.0

2 months ago

inVtero.net

inVtero.net

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Inclu

C#277agpl-3.0

last year

attestationcloud-computingforensics

mvt

mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devi

Python10130other

4 months ago

androidforensicsforensics-tools

prowler

prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do

Python10398apache-2.0

4 months ago

awsazurecis-benchmark

LiME

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisit

C1679gpl-2.0

5 months ago

awesome-anti-forensic

Tools and packages that are used for countering forensic activities, including e

HTML701other

12 months ago

anti-forensicanti-forensicsantiforensics

SPECTR3

SPECTR3

Forensic tool for acquisition, triage and analysis of remote block devices via i

C#36lgpl-3.0

9 months ago

acquisitioncybersecurityforensics

nightHawkResponse

nightHawkResponse

Incident Response Forensic Framework

Go597

5 years ago

ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host fo

Batchfile459other

4 years ago

bashbatchcybersecurity

timesketch

timesketch

Collaborative forensic timeline analysis

Python2616apache-2.0

15 days ago

analysisdfirforensics

swiftGuard

swiftGuard

Anti-forensic macOS tray application designed to safeguard your system by monito

Python332gpl-3.0

last year

anti-forensicsdefensive-securitymacos

dftimewolf

dftimewolf

A framework for orchestrating forensic collection, processing and data export

Python289apache-2.0

4 months ago

imagemounter

Command line utility and Python package to ease the (un)mounting of forensic dis

Python116mit

2 years ago

pcapfex

'Packet Capture Forensic Evidence eXtractor' is a tool that finds and extracts f

Python212apache-2.0

5 years ago

chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Rust2664gpl-3.0

4 months ago

attackblueteamchainsaw

rekall

Rekall Memory Forensic Framework

Python1913gpl-2.0

4 years ago

dissect

Dissect is a digital forensics & incident response framework and toolset that al

882agpl-3.0

5 months ago

dfirdissectpython

automactc

AutoMacTC: Automated Mac Forensic Triage Collector

Python520other

3 years ago

artifactcollector

artifactcollector

🚨 The artifactcollector is a customizable agent to collect forensic artifacts o

Go258mit

last year

dfirdigital-forensicsforensicartifacts

acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a liv

Python83agpl-3.0

4 months ago

CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic arti

Python330gpl-3.0

2 years ago

Dshell

Dshell is a network forensic analysis framework.

Python5452other

7 months ago

kube-forensics

Go221apache-2.0

5 months ago

awesome-forensics

A curated list of awesome forensic analysis tools and resources

3767cc0-1.0

6 months ago

computer-forensicsdfirdigital-forensics

sleuthkit

The Sleuth Kit® (TSK) is a library and collection of command line digital forens

C2544

4 months ago

forensicsincident-responsentfs

joy

A package for capturing and analyzing network flow data and intraflow data, for

C1308other

8 months ago

Kuiper

Kuiper

Digital Forensics Investigation Platform

JavaScript745

4 months ago

artifactsdfirdigital-forensics

artifacts

Digital Forensics artifact repository

Python1016apache-2.0

4 months ago

evolve

evolve

Web interface for the Volatility Memory Forensics Framework

JavaScript258

7 years ago

OSXAuditor

OSXAuditor

OS X Auditor is a free Mac OS X computer forensics tool

JavaScript3132other

4 years ago

bitscout

Remote forensics meta tool

Shell459gpl-2.0

5 months ago

volatility

volatility

An advanced memory forensics framework

Python7125gpl-2.0

last year

malwarememorypython

tracee

Linux Runtime Security and Forensics using eBPF

Go3630apache-2.0

11 days ago

bpfdockerebpf

hindsight

hindsight

Web browser forensics for Google Chrome/Chromium

Python1047apache-2.0

6 months ago

chromedfirforensics

muninn

A short and small memory forensics helper.

Python51

7 years ago

memory-forensicspythonvolatility

dfir-orc

dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows

C++364lgpl-2.1

5 months ago

collectiondfirincident-response

artifacts-kb

Digital Forensics Artifacts Knowledge Base

Python70apache-2.0

6 months ago

docker-explorer

A tool to help forensicate offline docker acquisitions

Python529apache-2.0

2 months ago

dockerforensics

diffy

diffy

:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric securit

Python632apache-2.0

10 months ago

dfirforensicssecurity

awesome-event-ids

Collection of Event ID ressources useful for Digital Forensics and Incident Resp

569mit

5 months ago

dfirdigitalforensicsforensics

hayabusa

hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generat

Rust2113gpl-3.0

4 months ago

attackcybersecuritydetection

grr

grr

GRR Rapid Response: remote live forensics for incident response

Python4764apache-2.0

2 months ago

inVtero.net

inVtero.net

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Inclu

C#277agpl-3.0

last year

attestationcloud-computingforensics

mvt

mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devi

Python10130other

4 months ago

androidforensicsforensics-tools

prowler

prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do

Python10398apache-2.0

4 months ago

awsazurecis-benchmark

LiME

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisit

C1679gpl-2.0

5 months ago