Automate the creation of a lab environment complete with security tooling and logging best practices (updated Jul 6, 2024; HTML)
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
A curated list of tools for incident response, with repository stars ⭐ and forks 🍴.
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Graph visualization for Windows event logs
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
CABTA (Blue Team Assistant) - AI-Powered SOC Platform for Threat Analysis, IOC Investigation & Email Forensics
Fast lookup server for NSRL and other hash databases used in digital forensics
Pipeline that allows sending forensic artifacts to OpenRelik for automatic processing
unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
MAES: M365 Analyzer & Extractor Suite Po
AIFT is a GUI, CLI, REST API, and MCP tool that helps DFIR analysts get oriented quickly. Point it at disk images, VM images, forensic archives, or triage packages; AIFT discovers what can be opened, parses artifacts with Dissect, and uses AI to turn parsed data into concrete leads and gaps for the investigator to verify.
Simple Imager has been created for performing live acquisition of Windows-based systems in a forensically sound manner
This project is for DFIR analysts who want to speed up memory forensic analysis
Automatically create iSCSI targets for all drives except for a boot device
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
GitHub topic: dfir-automation