A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

Graph Visualization for windows event logs

Rip Raw is a small tool to analyse the memory of compromised Linux systems.

Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Fast lookup server for NSRL and other hash database used in digital forensic

A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation

OpenRelik ertools worker

Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing

CLI generator for Velociraptor offline collector

Collaborative Forensic Collections Manager

🚀 IRIS-SOAR: Modular SOAR (Security Orchestration, Automation, and Response) implementation in Python. Designed to complement DFIR-IRIS through playbook automation and seamless integrations. Easily extensible and in active development. Join us in building a tool geared towards enhancing security efficiency!

A GUI tool that makes steg analysis easy by putting various steganography tools, all in one place

ActiveMime File Format Documentation

Orchestration Software for Incident Response

Minimalist Collaborative Malware DB Management

Extract and normalize information from forensics artifacts

A Python, Boto3 script that shuts down a selected instance, detaches the instance, generates a snapshot volume and then attaches and mounts both volumes to a workstation

Faster & Better Way to analyze the EML Files

This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.