Zircolite is a standalone tool written in Python 3 that allows you to use SIGMA rules on: MS Windows EVTX (EVTX, XML, and JSONL formats) Auditd logs Sysmon for Linux EVTXtract CSV and XML logs...
WELA (Windows Event Log Analyzer) Yamato Security’s WELA(Windows Event Log Analyzer) aims to be the Swiss Army knife for Windows event logs. Currently, WELA’s greatest functionality is creating an easy-to-analyze logon timeline in order...
Scirius Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. Scirius CE is developed by Stamus Networks and is available under the GNU GPLv3...
Live Forensicator Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering...
Fennec fennec is an artifact collection tool written in Rust to be used during an incident response on *nix based systems. fennec allows you to write a configuration file that contains how to collect...
SentryPeer A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot. This is basically a fraud detection tool. It lets bad actors try to make phone calls and...
Digital Forensics Lab & Shared Cyber Forensic Intelligence Repository Features of Repository Interactive Digital Forensics Labs: Tailored for students and faculty engagement Linux-Centric Lab Environment: Utilizes Kali Linux exclusively for all labs Visual Learning Support: Each lab...
ntfstool NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (mbr, partition table, vbr) but also information on bitlocker encrypted partition (fve). See examples below to...
T-Pot – The All In One Honeypot Platform T-Pot is based on the Debian (Stable) network installer. The honeypot daemons as well as other support components are dockered. This allows T-Pot to run multiple honeypot...
CSIRT-Collect A PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload...
honeypots 30 low-high level honeypots in a single PyPI package for monitoring network traffic, bots activities, and username \ password credentials. The honeypots respond back, non-blocking, can be used as objects, or called directly...
IPED Digital Forensic Tool IPED is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners....
DFIR-O365RC The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and...
Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...
PSGumshoe PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics. The module focuses on being as forensically sound as...
HAWK What Hawk is and isn’t Hawk provides a Limited analysis of the gathered data. This is by design! Hawk is here to help get all of the data in a single place it...
