A repository of sysmon configuration modules
-
Updated
Aug 21, 2024 - PowerShell
#
dfir
Here are 71 public repositories matching this topic...
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
graylog logging forensics dfir sysmon threat-hunting siem threat-sharing threatintel netsec sysinternals graylog-plugin forensic-analysis threat-analysis threat-intelligence humio mitre-attack sigma-rules forensicartifacts digitalforensics
-
Updated
Nov 5, 2023 - PowerShell
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
azure incident-response dfir cybersecurity threat-hunting digital-forensics threathunting cloud-forensics azure-forensics azuresearcher azforensics unifiedauditlog powershellv5
-
Updated
Oct 29, 2022 - PowerShell
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
security automation tools powershell reporting incident-response dfir infosec cyber soc cyber-security ir mdr digital-forensic dfir-automation
-
Updated
Apr 6, 2025 - PowerShell
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
-
Updated
Mar 10, 2025 - PowerShell
Awesome list of keywords and artifacts for Threat Hunting sessions
splunk incident-response dfir awesome-list threat-hunting siem iocs offensive-security soc yara-rules elk-stack blueteam threat-intelligence redteam forensic hacktools endpoint-security threathunting offensive-scripts detection-engineering
-
Updated
Mar 3, 2025 - PowerShell
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
-
Updated
Dec 12, 2021 - PowerShell
Timeline of Active Directory changes with replication metadata
-
Updated
Mar 21, 2025 - PowerShell
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
-
Updated
Nov 3, 2020 - PowerShell
PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
-
Updated
Oct 21, 2024 - PowerShell
PowerShell module for Office 365 and Azure log collection
-
Updated
Mar 10, 2025 - PowerShell
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
powershell incident-response dfir digital-forensics memory-forensics live-response memory-acquisition
-
Updated
Mar 30, 2025 - PowerShell
Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
windows clipboard database timeline powershell windows-10 dfir sqlite3 artifacts powershell-script copy-paste powershell-scripts timelines forensic timelineview 1803 april-2018 json1-extension 1809 1903
-
Updated
Feb 16, 2023 - PowerShell
Win 10/11 related research
notifications windows events timeline xml dfir keywords sticky-notes bam keyword-lists win10 wdi eventlog objectid forensic jumplist amcache yourphone mediaplayer-library win11
-
Updated
Dec 19, 2023 - PowerShell
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
-
Updated
Apr 6, 2025 - PowerShell
Powershell module for VMWare vSphere forensics
-
Updated
Nov 8, 2024 - PowerShell
Invoke-LiveResponse
-
Updated
Feb 22, 2022 - PowerShell
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
-
Updated
Jul 25, 2019 - PowerShell
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
powershell incident-response forensics dfir evidence forensics-investigations incident-response-tooling forensics-tools
-
Updated
Aug 26, 2024 - PowerShell
Improve this page
Add a description, image, and links to the dfir topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the dfir topic, visit your repo's landing page and select "manage topics."