dfir-automation

Star

Here are 83 public repositories matching this topic...

huinholang / Computer-Forensics

Star

Scripts automating computer forensics for Windows and Linux

windows linux forensics dfir-automation

Updated May 23, 2022
PowerShell

SatyenderYadav / Ph1shGr1P

Star

Faster & Better Way to analyze the EML Files

dfir eml-files forensic-analysis email-forensics dfir-automation forensic-investigation eml-forensic

Updated Apr 4, 2023
Python

cyberarber / incident-response-portfolio

Star

Security incident response case studies demonstrating log analysis, threat hunting, and forensic investigation using Elastic Stack, TheHive, and MITRE ATT&CK

elasticsearch kibana incident-response dfir cybersecurity threat-hunting soc blue-team dfir-automation soc-analyst

Updated Aug 29, 2025

loneicewolf / DFIR-Resources

Star

Resources for DFIR. And more.

reverse-engineering malware forensics dfir dfir-automation

Updated Jul 3, 2024
Shell

NextSecurity / Cortex-Analyzers-Modified

Star

Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids

ioc incident-response forensics dfir secops digital-forensics security-orchestration security-automation security-tools soar ioc-framework blue-team nextsecurity cyber-threat-intelligence forensics-investigations cybersecurity-incidents cyber-security-team incident-response-tooling dfir-automation

Updated May 3, 2020
Python

mayHamad / AutoParser

Star

AutoParser is a forensic tool for parsing offline registry hives.

windows parsers dfir-automation registry-keys foransic-artifacs

Updated May 12, 2023
Python

Jakobish / pdforensic_toolkit

Star

A forensic command-line tool for deep analyzing PDF files

pdf forensics dfir dfir-automation dfir-tools

Updated Apr 3, 2025
Python

This script is designed to pull data from the carbon black cloud. One disadvantage of the CBC GUI is the inability to see the command line for each process in bulk. Instead, you need to click on each process individually. This spits out the command line so you can quickly spot evil.

incident-response dfir dfir-automation carbon-black-cloud

Updated Jun 23, 2021
Python

SanketBaraiya / WAP

Star

Windows Artifact Parser

windows parser incident-response dfir cybersecurity forensic-analysis dfir-automation forensics-tools

Updated Nov 1, 2024
Perl

shockz-offsec / Forencics-Recompiler-Linux

Star

Este script recompilará una gran parte de la información que se suele obtener de un sistema Linux ante un peritaje o análisis forense. Además toda la información será firmada con SHA256.

linux bash unix automation forensics dfir recompilation forensic-examinations dfir-automation forensics-tools

Updated Nov 19, 2022
Shell

SolitudePy / LFC

Star

Linux Forensic Collector, Quick & Thorough.

dfir dfir-automation linux-forensics dfir-tools

Updated Jun 26, 2025
Shell

DrPwner / Velociraptor-Syslog

Star

This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.

automation logs syslog dfir syslog-server syslog-messages syslog-client velociraptor dfir-automation syslog-parser dfir-tools velociraptor-syslog

Updated May 2, 2025
Python

abhishek-kadavala1 / AWMFA-Automated_Windows_Memory_Forensics_Analysis

Star

AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).