OxShaggy


OxShaggy's starred repositories

malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

Language: Assembly | Stargazers: 1916 | Issues: 0

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

Language: C | License: BSD-2-Clause | Stargazers: 2007 | Issues: 0

PSPortable

Customized PowerShell environment packaged into a deployable portable package.

Language: PowerShell | License: MIT | Stargazers: 7 | Issues: 0

calamity

A script to assist in processing forensic RAM captures for malware triage

Language: Shell | License: GPL-3.0 | Stargazers: 27 | Issues: 0

macOSTriageCollectionScript

A triage data collection script for macOS

Language: Shell | License: GPL-3.0 | Stargazers: 25 | Issues: 0

velociraptor

Digging Deeper....

Language: Go | License: NOASSERTION | Stargazers: 2903 | Issues: 0

digital-forensics-lab

Free hands-on digital forensics labs for students and faculty

Language: Jupyter Notebook | License: NOASSERTION | Stargazers: 1554 | Issues: 0

PersistenceSniper

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

Language: PowerShell | License: NOASSERTION | Stargazers: 1890 | Issues: 0

win-mal-investigations

Windows Malware Investigation Scripts & Docs

Language: PowerShell | License: MIT | Stargazers: 74 | Issues: 0

rapid-endpoint-investigations

Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE

Language: PowerShell | License: MIT | Stargazers: 96 | Issues: 0

AnalyzePDF

Tool to help analyze PDF files

Language: Python | Stargazers: 175 | Issues: 0

fTriage

Automating forensic data extraction, reduction, and overall triage of cold disk and memory images.

Language: Shell | License: Apache-2.0 | Stargazers: 21 | Issues: 0

pe-bear

Portable Executable reversing tool with a friendly GUI

Language: C++ | License: GPL-2.0 | Stargazers: 2674 | Issues: 0

XstReader

Xst Reader is an open source viewer for Microsoft Outlook’s .ost and .pst files, written entirely in C#. To download an executable of the current version, go to the releases tab.

Language: C# | License: MS-PL | Stargazers: 511 | Issues: 0

MemProcFS

MemProcFS

Language: C | License: AGPL-3.0 | Stargazers: 2992 | Issues: 0

MemProcFS-Analyzer

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

Language: PowerShell | License: GPL-3.0 | Stargazers: 496 | Issues: 0

ForensicMiner

A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.

Language: PowerShell | License: MIT | Stargazers: 148 | Issues: 0

DiscordTokenCarver

Carves/steals tokens for discord from local machine

Language: Python | Stargazers: 2 | Issues: 0

GHOSTS

GHOSTS is a realistic user simulation framework for cyber simulation, training, and exercise

Language: C# | License: NOASSERTION | Stargazers: 2 | Issues: 0

CSIRT-Collect

PowerShell script to collect memory and (triage) disk forensics

License: MIT | Stargazers: 1 | Issues: 0

QuickPcap

A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.

Language: PowerShell | License: MIT | Stargazers: 40 | Issues: 0

CyberPipe

An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.

Language: PowerShell | License: MIT | Stargazers: 266 | Issues: 0

Mal-Hash

This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to VirusTotal, and produce a text file with the results.

Language: PowerShell | License: MIT | Stargazers: 14 | Issues: 0

detonaRE

Capture. Detonate. Collect

Language: PowerShell | License: MIT | Stargazers: 14 | Issues: 0

Awesome-KAPE

A curated list of KAPE-related resources

License: MIT | Stargazers: 154 | Issues: 0

Language: PowerShell | License: MIT | Stargazers: 6 | Issues: 0

Kape2ADX

This is a project for automating your KAPE process. Currently, this project takes KAPE .zips found in blob storage, turns the artefacts into super timelines, then uploads the .csv back to Blob. You can optionally connect blob as a data source to Azure Data Explorer to then do forensics via KQL.

Language: Python | License: GPL-3.0 | Stargazers: 3 | Issues: 0

Heed

Automate the process of triaging, processing, sigma and yara scanning

Language: PowerShell | Stargazers: 5 | Issues: 0

incident-response-plan-template

A concise, directive, specific, flexible, and free incident response plan template

License: NOASSERTION | Stargazers: 2 | Issues: 0