Automate the creation of a lab environment complete with security tooling and logging best practices (updated Mar 27, 2023; HTML)
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
Graph Visualization for windows event logs
Cyber range including a Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
Analyse a forensic target (such as a directory) and report which files are known and which are unknown to the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Fast lookup server for NSRL and other hash databases used in digital forensics
Easy automated Vagrant provisioning of Windows 10 with FLARE VM tools installed, for a digital forensics and malware analysis lab.
unix_collector is a live response collection script for Incident Response on UNIX-like systems using native binaries.
A Python (Boto3) script that attaches and mounts a forensic volume to a selected instance, runs a memory dump, unmounts and detaches the volume from that instance, and finally attaches and mounts it to a forensic workstation
Simple Imager performs live acquisition of Windows-based systems in a forensically sound manner
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
Kali in a Box - Containerized and fully operational within your Browser
A GUI tool that makes steganalysis easy by putting various steganography tools in one place
ActiveMime File Format Documentation
Factual rules are YARA rules that find legitimate software on raw disk acquisitions.
A Python (Boto3) script that shuts down a selected instance, detaches its EBS volume, creates a volume from a snapshot of it, and then attaches and mounts both volumes to a forensic workstation
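Several entries above (Volatile Artifact Collector, unix_collector) describe live-response collection with native binaries. The script below is an added example written for this page, not code from either of those projects: it collects the most volatile data first, never aborts because one tool is missing on the target, and writes a SHA-256 manifest so the collection can be verified afterwards. It assumes a POSIX sh and that either `sha256sum` (coreutils) or `shasum` is available.

```shell
#!/bin/sh
# Added example (not unix_collector's or Volatile Artifact Collector's code):
# minimal live-response collection with native binaries only, in order of
# volatility, followed by a SHA-256 manifest so the evidence can be verified.
# Assumes POSIX sh and that sha256sum or shasum exists on the target.

# Pick whichever hash tool exists on this host (assumption: one of the two does).
_hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
    elif command -v shasum >/dev/null 2>&1; then echo "shasum -a 256"
    else return 1; fi
}

# Run a native command and keep its output. A missing or failing tool must not
# stop the collection; the failure is recorded in the output file instead.
_grab() {
    out="$1"; shift
    "$@" > "$out" 2>&1 || echo "[collector] '$*' failed with status $?" >> "$out"
}

# Collect volatile state into directory $1 (created if needed), most volatile first.
collect_volatile() {
    dir="$1"
    mkdir -p "$dir" || return 1
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$dir/collection_time_utc.txt"
    _grab "$dir/uname.txt"   uname -a
    _grab "$dir/id.txt"      id
    _grab "$dir/uptime.txt"  uptime
    _grab "$dir/ps.txt"      ps -ef
    _grab "$dir/netstat.txt" netstat -an
    _grab "$dir/who.txt"     who
    _grab "$dir/mounts.txt"  mount
    _grab "$dir/env.txt"     env
    # Less volatile but cheap to grab while we are here: scheduled jobs.
    _grab "$dir/crontab.txt" crontab -l
}

# Write manifest.sha256 covering every collected file except the manifest itself.
write_manifest() {
    dir="$1"; h=$(_hash_cmd) || return 1
    ( cd "$dir" && find . -type f ! -name manifest.sha256 | sort | xargs $h > manifest.sha256 )
}

# Return 0 if every collected file still matches the manifest, non-zero otherwise.
verify_manifest() {
    dir="$1"; h=$(_hash_cmd) || return 1
    ( cd "$dir" && $h -c manifest.sha256 >/dev/null 2>&1 )
}

# Usage: collect_volatile /mnt/evidence/host01 && write_manifest /mnt/evidence/host01
```

Collect to removable or remote storage rather than the compromised disk, and copy the manifest off-host immediately: `verify_manifest` only tells you whether the files changed after the manifest was written, so the manifest itself is the thing to protect.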