Automate the creation of a lab environment complete with security tooling and logging best practices
Updated Jul 6, 2024 - HTML
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Graph Visualization for windows event logs
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Analyse a forensic target (such as a directory) and report which files are known and which are unknown to the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Fast lookup server for NSRL and other hash database used in digital forensic
MAES: M365 Analyzer & Extractor Suite Po
Easy automated vagrant provisioning of Windows 10 with flarevm tools installed for Digital Forensics and Malware Analysis Lab.
TriageX - Linux Triage Tool is a BASH shell script designed to collect evidence during an incident involving Linux machines. The script uses native Linux commands to run.
A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation
OpenRelik ertools worker
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
Simple Imager has been created for performing live acquisition of Windows-based systems in a forensically sound manner
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing
CLI generator for Velociraptor offline collector