Ingest and query NIST NSRL Reference Data Sets in Elasticsearch with Python tools and libraries.
Updated Jun 26, 2018 - Python
Cortex-Analyzers Modified - SecTeam/CERT/SOC Security orchestration tools on steroids
Minion rules for DFIR work.
A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach from the selected instance and finally attach & mount to a Forensic Workstation
A Python, Boto3 script that shuts down a selected instance, detaches the instance, generates a snapshot volume and then attaches and mounts both volumes to a workstation
Small Incident Response PowerShell script that collects various data from the system. Good alternative to run on a system while waiting for an approved AV scan (or instead of a scan).
Go script that finds a matching hash or a diff of a target hash in a directory.
Manage loki scans over a large network.
Toolset to analyze disks encrypted with McAfee FDE technology
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK R&D lab in Azure.
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
Splits a URL into individual components, unescapes arguments, and performs light calculations for manual or automated analysis
This script is designed to pull data from the carbon black cloud. One disadvantage of the CBC GUI is the inability to see the command line for each process in bulk. Instead, you need to click on each process individually. This spits out the command line so you can quickly spot evil.
ActiveMime File Format Documentation
File Watcher - PowerShell-based file activity monitoring tool
Factual rules are YARA rules to find legitimate software on raw disk acquisition.
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
CrowdStrike API Client Library
Sabonis, a Digital Forensics and Incident Response pivoting tool
Scripts automating computer forensics for Windows and Linux