Powershell wrapper for live memory capture using Winpmem

A collection of small scripts and howto's that where create at one point to solve a certain issue

DFIR Lab in AWS

This repository contains Dockerfile for the remnux-sift Docker image published in the Docker Hub: https://hub.docker.com/r/yara0/remnux-sift

Criação de novos módulos para a ferramenta forense KAPE.

My collection of write-ups on Cyber Defender Labs provides detailed solutions to various DFIR lab challenges. Each write-up breaks down the steps, tools, and techniques used to approach and resolve each lab, serving as a resource for anyone interested in advancing their skills in cyber defense.

osquery manager

PowerShell module for creating and managing Sysinternals Sysmon config files.

A 'raw' file copy tool for Windows systems -- bypassing the file mutex

Cross Platform (Go app) - to parse Windows Tasks UTF-16 le ecoded xml files to csv or onscreen tab

DFIRTrack - The Incident Response Tracking Application

Collaborative Incident Response platform

This tool can collect different artifact on running windows system.🦀

Invoke-LiveResponse

A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

🔬 Jupyter notebook to help automate some of the forensic analysis related to Citrix Netscalers compromised via CVE-2019-19781

Parse IIS applicationHost.config to generate CSV file.

A Cyber Security / Digital Forensics Hands-on Exercise for 5th Graders

Ansible role to setup MIG aka Mozilla InvestiGator: postgresql server

"Fly with me for a minute."