Fastir_Collector_Linux
This tool collects different artefacts on a live Linux system and records the results in CSV files. By analysing these artefacts, an early compromise can be detected. All code must be in a python...
Network Security Toolkit
Network Security Toolkit (NST) is a bootable ISO image (Live DVD/USB Flash Drive) based on Fedora 24 providing easy access to best-of-breed Open Source Network Security Applications and should run on...
Linux Forensics Tools Repository
The CERT Linux Forensics Tools Repository provides many useful packages for cyber forensics acquisition and analysis practitioners.
threat_note
DPS' Lightweight Investigation Notebook threat_note is a web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their...
SCOT - Sandia Cyber Omni Tracker
SCOT is an Incident Response collaboration and knowledge capture tool focused on flexibility and ease of use. Our goal is to add value to the incident response process without burdening the user....
Request Tracker for Incident Response
As it's technically an extension, RTIR builds on all the features of RT and provides pre-configured queues and workflows designed for incident response teams. It's the tool of choice for many CERT and...
FIR
FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents....
CDQR — Cold Disk Quick Response tool by Alan Orlikoski
The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS...
searchgiant_cli
Command line forensic imaging utility for cloud services. This program was designed for my Applied Research Project at John Jay University for my masters degree in digital forensics and cyber security....
traceroute-circl
traceroute-circl is an extended traceroute to support the activities of CSIRT (or CERT) operators. Usually CSIRT teams have to handle incidents based on IP addresses received. Features: Display abuse and...
Stenographer
Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet...
pt-stalk
pt-stalk waits for a trigger condition to occur, then collects data to help diagnose problems. The tool is designed to run as a daemon with root privileges, so that you can diagnose intermittent...
PSRecon
PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends...
RetroScope
The majority of RetroScope's code is in the dalvik/vm/zombie directory. Please be sure to read the RetroScope paper before working with RetroScope. This code is provided as is. If you extend it in any...
ElasticHandler
Assorted classes and methods for indexing reports and retrieving information from an elastic index.
Efetch
Efetch is just a way to view files from log2timeline. Efetch currently supports viewing images, office documents, sqlite databases, registries, pst files, and more....
Crowbar
Crowbar (formerly known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner from other popular...
CyFIR
"CyFIR Enterprise® is a revolutionary enterprise digital forensics platform designed to maximize an organization’s Speed to Resolution™ when handling a computer security incident, an eDiscovery...