Merge 0d4fb1c079e8f0b40b2a7b30beab6ce388499d33 into b46c86d8bb70aed67c23a2e2a40a57cd028d2546

This commit is contained in:
Amir Sheff 2022-02-25 08:03:56 +00:00 committed by GitHub
commit f20fa0d897
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -103,6 +103,7 @@ Digital Forensics and Incident Response (DFIR) teams are groups of people in an
* [CyLR](https://github.com/orlikoski/CyLR) - The CyLR tool collects forensic artifacts from hosts with NTFS file systems quickly, securely and minimizes impact to the host.
* [Forensic Artifacts](https://github.com/ForensicArtifacts/artifacts) - Digital Forensics Artifact Repository
* [ir-rescue](https://github.com/diogo-fernan/ir-rescue) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
* [kube-forensics](https://github.com/keikoproj/kube-forensics) - Kubernetes IR tool that allows an admin to dump the current state of a running pod and all its containers for off-line forensic analysis.
* [Live Response Collection](https://www.brimorlabs.com/tools/) - Automated tool that collects volatile data from Windows, OSX, and \*nix based operating systems.
* [Margarita Shotgun](https://github.com/ThreatResponse/margaritashotgun) - Command line utility (that works with or without Amazon EC2 instances) to parallelize remote memory acquisition.
* [UAC](https://github.com/tclahr/uac) - UAC (Unix-like Artifacts Collector) is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts. Supported systems: AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris.
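Review bot: the UAC entry at the end of this hunk repeats the tool name inside its description ("UAC - UAC (Unix-like Artifacts Collector) is ..."), which no other entry in the list does, and its supported-systems sentence makes it far longer than its neighbours. Suggest "* [UAC](https://github.com/tclahr/uac) - Unix-like Artifacts Collector; Live Response collection tool that uses built-in system tools to automate artifact collection on AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris." so the entry matches the one-sentence style of the CyLR, ir-rescue and Live Response Collection lines above it.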
@ -175,6 +176,7 @@ Digital Forensics and Incident Response (DFIR) teams are groups of people in an
* [Volatility 3](https://github.com/volatilityfoundation/volatility3) - The volatile memory extraction framework (successor of Volatility)
* [VolatilityBot](https://github.com/mkorman90/VolatilityBot) - Automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation.
* [VolDiff](https://github.com/aim4r/VolDiff) - Malware Memory Footprint Analysis based on Volatility.
* [VolWeb](https://github.com/k1nd0ne/VolWeb) - Volatility3 efficient and visual web UI.
* [WindowsSCOPE](http://www.windowsscope.com/windowsscope-cyber-forensics/) - Memory forensics and reverse engineering tool used for analyzing volatile memory offering the capability of analyzing the Windows kernel, drivers, DLLs, and virtual and physical memory.
### Memory Imaging Tools
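Review bot: the VolWeb description "Volatility3 efficient and visual web UI" reads as a word-order slip and spells the framework differently from the "Volatility 3" entry a few lines above; suggest "* [VolWeb](https://github.com/k1nd0ne/VolWeb) - Efficient and visual web UI for Volatility 3." Also, the hunk header says seven new-side lines but only six appear before the "### Memory Imaging Tools" heading, so please confirm a blank line still separates the end of the list from that heading after the merge.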