A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs (Python, updated May 30, 2026)
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
macOS forensic acquisition made simple
Field reference for BTL1 and Tier 1 SOC work — grep-ready cheatsheets, SPL queries, Volatility workflows, live response commands
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
AI-powered DFIR triage for Windows and Linux. Upload a disk image, select artifacts, get a forensic report - in minutes, not hours. Runs entirely on your machine. No cloud, no external services. Built for incident responders who need speed without sacrificing control.
A collection of PowerShell scripts for analyzing macOS Forensic Artifacts
Vault of Windows Registry forensic artifacts
like ripgrep but for browser history
A tool for fetching DFIR and other GitHub tools.
Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS or GCP.
Automatically create iSCSI targets for all drives except for a boot device
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
Automated triage tool for different types of artifact collections.
Utility for recovering ES File Explorer encrypted files (.eslock)
UAL Timeline Generator — User Access Logging Timeliner
A lightweight Tool for quick triage in live Win10/11 Systems, extracting Journal, Execution Timeline and Drive-Logs, as well as an included Process Memory String Parsing Tool.
A deployment and testing platform for Velociraptor's client artifacts
Interactive attack path designer for incident responders and security teams