dfir
Here are 9 public repositories matching this topic...
Forensics artefact collection tool for systems running Microsoft Windows (updated Nov 14, 2024; C++)
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. (updated Sep 3, 2023; C++)
An Incident Response tool to extract console command history and screen output buffer (updated Jan 11, 2018; C++)
Windows Administrator level Implant. (updated Sep 28, 2024; C++)
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes. (updated Sep 22, 2024; C++)
A repository to share contributions related to TheHive Project (updated Sep 15, 2021; C++)
Source code for the blog post "Ransomware in the honeypot: how we capture keys with sticky canary files" (updated Feb 27, 2024; C++)
A 'raw' file copy tool for Windows systems -- bypassing the file mutex (updated Nov 3, 2022; C++)