forensicartifacts

There are 1 repository under forensicartifacts topic.

ion-storm / sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
sysmon threatintel threat-hunting netsec sysinternals logging graylog graylog-plugin dfir threat-intelligence threat-sharing threat-analysis mitre-attack digitalforensics forensic-analysis forensicartifacts forensics siem sigma-rules humio
Language:PowerShell 752
forensicanalysis / artifactcollector
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
dfir digital-forensics forensicartifacts
Language:Go 243
windows-forensic-artifacts
Psmths / windows-forensic-artifacts
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
forensics artifacts dfir windows windows-11 analysis reference digital-forensics forensic-analysis forensicartifacts forensics-investigations
204
forensicanalysis / artifacts
📇 Digital Forensics Artifact Repository (forensicanalysis edition)
dfir digital-forensics forensicartifacts
66
ThreatHunting-Keywords-sigma-rules
mthcht / ThreatHunting-Keywords-sigma-rules
Sigma detection rules for hunting with the threathunting-keywords project
blueteam detection-engineering detection-rules siem sigma-rules threat-detection threat-hunting threathunting dfir forensicartifacts mitre-attack
Language:Python 40
motionDetector / ForensicTools
Analysis or research tools for digital forensics
digital-forensics forensics forensicartifacts
Language:Go 8
ogmini / Notepad-Tabstate-Buffer
Reverse Engineering the Tabstate files for Windows Notepad
dfir digital-forensics forensic-tools forensicartifacts forensics-tools security-tools
Language:C# 3
ezaspy / bruce
Python script for outputting PCAPs as JSON as well as extracting attachments within the traffic stream
bruce tshark pcaps python3 dfir forensic-analysis forensicartifacts
Language:Python 1
ogmini / Notepad-Windowstate-Buffer
Reverse Engineering the Windowstate files for Windows Notepad
dfir digital-forensics forensic-tools forensicartifacts forensics-tools security-tools
Language:C# 0

forensicartifacts

ion-storm / sysmon-config

forensicanalysis / artifactcollector

Psmths / windows-forensic-artifacts

forensicanalysis / artifacts

mthcht / ThreatHunting-Keywords-sigma-rules

motionDetector / ForensicTools

ogmini / Notepad-Tabstate-Buffer

ezaspy / bruce

ogmini / Notepad-Windowstate-Buffer