dwmetz

CyberPipe

An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.

QuickPcap

A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.

PSHero

PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.

detonaRE

Capture. Detonate. Collect

Mal-Hash

This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.

Axiom-PowerShell

PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.

Ginsu

Takes a larger image and 'chops' it down to <= 3GB zips to traverse Windows Defender for Endpoint

Presentations

Archive of presentations shared with the DFIR community.

Awesome-KAPE

A curated list of KAPE-related resources

Digital-Forensics-with-Kali-Linux

Digital Forensics with Kali Linux, published by Packt

incident-response-plan-template

A concise, directive, specific, flexible, and free incident response plan template

blue-jupyter

Jupyter Notebooks for the Blue Team

dwmetz.github.io

iLEAPP

iOS Logs, Events, And Plist Parser

sift

SIFT

GCTI

KapeFiles

This repository serves as a place for community created Targets and Modules for use with KAPE.

Magnet-RESPONSE-PowerShell

PowerShell script for running Magnet RESPONSE forensic collection tool in large enterprises.

reversinglabs-yara-rules

ReversingLabs YARA Rules

rules

Repository of yara rules

Toolbox

Miscellaneous scripts for public consumption that don't really need their own repository.

volatility3

Volatility 3.0 development