Automate the creation of a lab environment complete with security tooling and logging best practices
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Graph Visualization for windows event logs
#Awesome#A curated list of tools for incident response. With repository stars⭐ and forks🍴
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Fast lookup server for NSRL and other hash database used in digital forensic
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and...
Simple Imager has been created for performing live acquisition of Windows based systems in a forensically sound manner
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
Toolset to analyze disks encrypted with McAFee FDE technology
Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.
Sabonis, a Digital Forensics and Incident Response pivoting tool
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing
Kali in a Box - Containerized and fully operational within your Browser
A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Foren...