A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
-
Updated
Mar 21, 2025 - Python
#
dfir-automation
Here are 43 public repositories matching this topic...
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
aws security aws-lambda forensics dfir hacktoberfest memory-forensics cloud-security aws-fargate dfir-automation docker-forensics aws-forensics eks-forensics fargate-forensics
-
Updated
Nov 18, 2024 - Python
Graph Visualization for windows event logs
security forensics threat-hunting hunting blueteam security-tools evtx dfir-automation forensics-tools
-
Updated
Jan 15, 2025 - Python
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
-
Updated
Jan 31, 2022 - Python
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
bloom-filter dfir nsrl forensic-analysis forensics-investigations dfir-automation nsrllookup hashlookup
-
Updated
Sep 24, 2023 - Python
Fast lookup server for NSRL and other hash database used in digital forensic
-
Updated
Jun 16, 2022 - Python
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing
security incident-response dfir secops infosec security-automation plaso timesketch log2timeline velociraptor dfir-automation hayabusa openrelik
-
Updated
May 19, 2025 - Python
Toolset to analyze disks encrypted with McAFee FDE technology
-
Updated
Mar 11, 2021 - Python
ActiveMime File Format Documentation
-
Updated
Jun 28, 2021 - Python
Sabonis, a Digital Forensics and Incident Response pivoting tool
-
Updated
Mar 3, 2022 - Python
CLI generator for Velociraptor offline collector
-
Updated
Oct 10, 2025 - Python
A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation
-
Updated
Jul 15, 2020 - Python
🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!
-
Updated
Mar 27, 2024 - Python
Orchestration Software for Incident Response
-
Updated
Nov 4, 2025 - Python
AutoParser is a forensic tool for parsing offline registry hives.
-
Updated
May 12, 2023 - Python
Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids
ioc incident-response forensics dfir secops digital-forensics security-orchestration security-automation security-tools soar ioc-framework blue-team nextsecurity cyber-threat-intelligence forensics-investigations cybersecurity-incidents cyber-security-team incident-response-tooling dfir-automation
-
Updated
May 3, 2020 - Python
🕵️♂️ Unlock the story hidden in data - Your digital investigation partner. TheSleuthKit (TSK) Python Wrapper.
python wrapper analysis python3 forensics dfir python-wrapper disk-image image-forensics python-security sleuthkit tsk forensic regripper ewf dfir-automation disk-forensics image-forensic forensic-software thesleuthkit
-
Updated
Mar 20, 2025 - Python
This script is designed to pull data from the carbon black cloud. One disadvantage of the CBC GUI is the inability to see the command line for each process in bulk. Instead, you need to click on each process individually. This spits out the command line so you can quickly spot evil.
-
Updated
Jun 23, 2021 - Python
HybridHashScanner is a versatile command-line tool for analyzing file hashes against multiple threat intelligence services, including MISP, CIRCL Hashlookup, OTX, Kaspersky, and VirusTotal. It supports single hash lookups, batch processing from CSV/TXT files, caching via SQLite, multithreading for efficiency, and optional Tor integration for anonym
automation incident-response cycle tor hash dfir misp virustotal otx threat-intelligence dfir-automation opentip hashlookup
-
Updated
Aug 14, 2025 - Python
Extract and normalize information from forensics artifacts
-
Updated
Oct 28, 2025 - Python
Improve this page
Add a description, image, and links to the dfir-automation topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the dfir-automation topic, visit your repo's landing page and select "manage topics."