A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Updated Apr 6, 2026 - Python
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
macOS forensic acquisition made simple
Field reference for BTL1 and Tier 1 SOC work — grep-ready cheatsheets, SPL queries, Volatility workflows, live response commands
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
A collection of PowerShell scripts for analyzing macOS Forensic Artifacts
Vault of Windows Registry forensic artifacts
Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS or GCP.
A tool for fetching DFIR and other GitHub tools.
like ripgrep but for browser history
AI-powered DFIR triage for Windows and Linux. Upload a disk image, select artifacts, get a forensic report - in minutes, not hours. Runs entirely on your machine. No cloud, no external services. Built for incident responders who need speed without sacrificing control.
Automatically create iSCSI targets for all drives except for a boot device
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Automated triage tool for different types of artifact collections.
Utility for recovering ES File Explorer encrypted files (.eslock)
A deployment and testing platform for Velociraptor's client artifacts
A lightweight Tool for quick triage in live Win10/11 Systems, extracting Journal, Execution Timeline and Drive-Logs, as well as an included Process Memory String Parsing Tool.
Forensic timeline analysis tool, rewritten from Python to Go. Desktop application for analyzing large-scale forensic datasets, particularly timeline data from log2timeline (L2T) format files.
A single Python/tkinter-based open-source tool for anomaly detection, attack detection and digital forensic analysis on local networks. Catches Turkey-focused threats with a customizable signature database!