A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
-
Updated
Oct 4, 2025 - Python
#
dfir-tools
Here are 46 public repositories matching this topic...
MacOS forensic acquisition made simple
-
Updated
Jul 26, 2025 - Python
A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts
-
Updated
Oct 20, 2025
Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS.
-
Updated
Nov 10, 2025 - Python
Automatically create iSCSI targets for all drives except for a boot device
-
Updated
May 23, 2025 - Python
A tool for fetching DFIR and other GitHub tools.
-
Updated
Aug 2, 2025 - PowerShell
Vault of Windows Registry forensic artifacts
-
Updated
Nov 12, 2025 - JavaScript
macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR
-
Updated
Nov 24, 2025 - Shell
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
dfir cryptocurrency digital-forensics triage wallets blockchain-forensics cryptocurrency-addresses digital-forensics-incident-response digitalforensics cryptocurrency-forensics forensics-tools dfir-tools cryptocurrency-discovery
-
Updated
Oct 3, 2025 - Python
Outil de triage automatisé de différents types de collectes d'artefacts.
-
Updated
Nov 20, 2025 - JavaScript
A collection of PowerShell scripts for analyzing macOS Forensic Artifacts
-
Updated
Nov 20, 2025 - PowerShell
Yerel ağlarda anomaly detection, saldırı tespiti ve adli bilişim analizi yapan tek Pythontkinter tabanlı açık kaynak araç. Özelleştirilebilir imza veritabanıyla Türkiye odaklı tehditleri yakalar!
-
Updated
May 31, 2025 - Python
Bu repository, siber güvenlik uzmanları, SOC ekipleri ve tehdit avcıları için profesyonel YARA kurallarını bir araya getiren canlı bir bilgi havuzudur. Her kural derinlemesine malware analizi ve reverse engineering çalışmaları sonucunda geliştirilmiştir.
windows hacker-news malware dfir malware-analysis hacker yara yara-rules malware-detection dfir-tools
-
Updated
Oct 29, 2025 - YARA
AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).
incident-response dfir cybersecurity malware-analysis digital-forensics memory-analysis automated-analysis volatility forensic-analysis memory-forensics security-tools incident-response-tooling dfir-automation windows-forensics forensics-tools windows-memory dfir-tools
-
Updated
Nov 8, 2025 - Python
-
Updated
Nov 11, 2024 - Python
A deployment and testing platform for Velociraptor's client artifacts
dfir artifacts velociraptors velociraptor dfir-automation velociraptorir dfir-tools velociraptor-query-language
-
Updated
Jul 7, 2025 - Python
A forensic command-line tool for deep analyzing PDF files
-
Updated
Apr 3, 2025 - Python
Convert Kape Files to DFIR-ORC configurations
-
Updated
Aug 26, 2024 - Python
OpenRelik ertools worker
-
Updated
Jun 23, 2025 - Python
Linux Forensic Collector, Quick & Thorough.
-
Updated
Jun 26, 2025 - Shell
Improve this page
Add a description, image, and links to the dfir-tools topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the dfir-tools topic, visit your repo's landing page and select "manage topics."