Commit Graph

316 Commits

Author SHA1 Message Date
Karol Trociński
522e37f639
Add MalConfScan volatility plugin. 2019-10-26 10:00:23 +00:00
actualmermaid
e147176811
Update README.md 2019-10-17 11:38:36 -07:00
Herman Slatman
7cad62c65f
Add DFIR ORC 2019-09-24 10:51:24 +02:00
Bryan Bowie
18bc422371
Update README.md
Added in several new tools as well as removed Malwr as it is no longer available at this time.
2019-09-02 12:40:45 -04:00
Tony Phipps
174faaae58
Update README.md 2019-08-28 07:12:35 -04:00
Tony Phipps
7db1d4b1c0
Update README.md 2019-08-27 23:29:19 -04:00
Alexey Dolgikh
3945bce515
Update README.md 2019-06-03 09:53:54 +03:00
Alexey Dolgikh
e6817c1d19
Update README.md
Adds Kaspersky CyberTrace and Kaspersky Threat Intelligence Portal
2019-05-28 12:15:36 +03:00
Herman Slatman
1a4ab6dcf0
Fix errors after merge 2018-11-27 17:51:52 +01:00
Herman Slatman
045c36b3e9
Merge branch 'master' into hs_sysmon_search 2018-11-27 17:33:34 +01:00
Meitar M
c7366df265
Consistently use sentence casing, fix a typo, shorten verbose items.
This commit continues the work to conform to the Awesome List style
guidelines. In this commit, item descriptions have been checked to
ensure they use sentence casing (first letter of the description must be
capitalized), a typo ("forenisic" -> "forensic") was fixed, and several
overly long descriptions that read too much like marketing material were
shortened to a single sentence for simplicity.
2018-10-03 16:21:23 -04:00
Meitar M
6e4f1accca Continued style guide conformance fixes.
This commit continues edits to make the list Awesome List conformant.
Specifically, this commit focuses on:

* Removing prepositions ("A," "An," "The," etc) from the start of items.
* Removing duplicated line item names from their descriptions.
* Expanding acronyms of line item names in the link itself.

Again, this is just one step in the process of making the list more
conformant to the Awesome List style guide and should not be considered
an exhaustive treatment.
2018-10-03 15:47:22 -04:00
Meitar M
c7dc47c239 Begin style conformance with new Awesome List guides.
The Awesome List style guide wants listed awesome lists to conform to a
particular style. Their style guide includes numerous items, some of
which are addressed by this commit. The items addressed herein include:

* Name of list as the top-level heading.
* Awesome badge placed to the right of the title, not underneath.
* Description of the list contents.
* All line items should end in appropriate punctuation (like a period).

This is a first pass and should not be considered an exhaustive
accounting of the style guide's recommendations.
2018-10-03 15:44:51 -04:00
Herman Slatman
a3d57c4271
Merge branch 'master' into hs_sysmon_search 2018-10-01 21:12:35 +02:00
Herman Slatman
cb5016d109
Add StreamAlert 2018-10-01 20:14:38 +02:00
Herman Slatman
2b404faf3d
Add SysmonSearch 2018-10-01 20:10:43 +02:00
CIRT Josh
e84f24cc69
Update README.md 2018-08-30 17:31:50 +01:00
CIRT Josh
1fcabb74c4
Merge pull request #1 from meirwah/master
Update
2018-08-30 17:28:40 +01:00
Meitar M
87ae91b21e
Add Scout2, an AWS assessment and (semi-)automated account hardening tool. 2018-08-22 14:00:32 -04:00
Meitar M
8433df3be6
Add Margarita Shotgun, a Python-based remote memory acquisition tool. 2018-08-22 14:00:12 -04:00
Herman Slatman
81805dfaeb
Add Diffy 2018-07-17 22:47:56 +02:00
Binalyze
4626070758
Update README.md
Added the word free.
2018-06-17 22:23:30 +03:00
Binalyze
866884f933
Update README.md
Added IREC into Windows Evidence Collection list.
2018-06-17 22:22:30 +03:00
Meir Wahnon
097454d7b8
Merge pull request #107 from hslatman/hs_adversary_emulation
Add Adversary Emulation section
2018-05-12 09:51:21 -07:00
nogoodconfig
6c38544120 Added PyaraScanner 2018-05-03 15:30:52 +01:00
nogoodconfig
c3320ee0d3 Added PyaraScanner 2018-05-03 15:30:01 +01:00
megan201296
52282a826c
Update README.md
Removed `s` in `https://augmentd.co/`. augmentd only uses `http`
2018-04-24 17:01:30 -05:00
Logically Secure Ltd
d1b3ae2a58
Update README.md
Added CyberCPR as Incident Management tool
2018-04-12 17:53:15 +04:00
dogoncouch
b0ef858927 Add logdissect log analysis tool (CLI/Python API) 2018-03-27 14:18:54 -04:00
Herman Slatman
534f7837f4
Add several Adversary Emulation tools 2018-03-24 12:14:31 +01:00
Herman Slatman
e93c03bfb2
Add Caldera 2018-03-24 12:02:13 +01:00
Herman Slatman
99443b07ea
Merge branch 'master' of https://github.com/meirwah/awesome-incident-response into hs_adversary_emulation 2018-03-24 11:59:56 +01:00
Herman Slatman
682ae1a62a
Add Adversary Emulation section 2018-03-24 11:55:46 +01:00
Meir Wahnon
f6ba87baf7
Merge pull request #103 from deralexxx/patch-1
API list
2018-02-20 22:53:50 -08:00
Alexander J
700ed12699
Update README.md 2018-02-20 22:24:07 +01:00
Alexander J
cbe381c8f5
Update README.md
updated
2018-02-20 21:13:47 +01:00
chadmando
d88c1b898f
Fix Books section DFIR Intro link
Scott Roberts DFIR Intro link is broken, pointed to his Medium post on the same topic
2018-02-19 09:56:16 -06:00
Meir Wahnon
17d24c69de
adding helk
adding helk
2018-01-17 17:56:55 +02:00
Alexander J
8be7413c8c
Update README.md 2018-01-16 13:11:00 +01:00
Alexander J
69977b1bf4
Update README.md 2018-01-14 17:38:06 +01:00
Alexander J
ba892960f3
API list
Hope that is good enough for the awesome list.
2018-01-14 17:36:48 +01:00
Yogesh Khatri (@swiftforensics)
e5637704ba
Added mac_apt under OSX category 2018-01-07 00:11:05 -05:00
Theta Gamma
2bed4f7cb2
Update README.md 2017-11-15 11:40:55 +01:00
Theta Gamma
4d615bbeaf
Update README.md
FIDO is deprecated at Netflix and this repository is no longer maintained. -> removed
added CCF-VM to linux-distributions
2017-11-15 11:36:12 +01:00
sabandosoleda
8fedf97fa6
fixed alphabetical order 2017-11-04 18:35:36 +01:00
sabandosoleda
5ed90e2758
Add Bitscout
Please add Bitscout as a trustable remote forensics and acquisition livecd builder tool! Thank you
2017-11-04 16:52:43 +01:00
Brie Carranza
2a5218dade Add morgue by etsy 2017-10-24 17:02:40 -04:00
Herman Slatman
56e4f3bcc5 Add DumpsterFire
And move sqhunter to turn the list into alphabetical order again
2017-10-20 14:27:00 +02:00
Herman Slatman
a4d0fc1216 Add Kolide Fleet
Removed the old, out-dated Kolide entry
2017-10-19 08:16:07 +02:00
Tomas Hertus
a2fa9c460c Add Metadefender Cloud 2017-06-28 10:11:41 -07:00
Adel Ka
8972536973 sqhunter tool added 2017-06-28 15:07:55 +10:00
Herman Slatman
418e88965a Add imagemounter 2017-05-28 13:35:11 +02:00
Herman Slatman
0472cd5c94 Add Cyphon 2017-05-20 22:22:43 +02:00
Meir Wahnon
cf07ef546a adding Panorama
adding Panorama
2017-05-20 10:27:24 -07:00
Meir Wahnon
c879934de2 add VolDiff
add VolDiff to memory
2017-05-12 16:37:01 +03:00
Meir Wahnon
1cb26921a4 Adding IRM
Adding IRM
2017-04-04 11:51:51 +03:00
Meir Wahnon
f1959c15d6 Add Contents header
Add Contents header
2017-04-01 11:12:13 +03:00
Diogo Fernandes
de396576b3 Added domfind 2017-03-29 18:36:13 +02:00
Herman Slatman
441c4f717f Add augmentd 2017-03-25 18:33:33 +01:00
Meir Wahnon
31f72656fe Add Demisto to incident mgmt section
Add Demisto free edition to incident mgmt section
2017-03-18 14:00:33 +02:00
Diogo Fernandes
e41ab7de89 Added ir-rescue 2017-02-11 23:30:48 +01:00
Saad Kadhi
b8906e9fab add Cortex from TheHive Project 2017-02-04 18:16:58 +01:00
Meir Wahnon
6be9b47df4 Merge pull request #80 from K2/master
Added inVtero.net
2017-01-27 17:54:40 +02:00
Herman Slatman
5ffcbf346f Add PagerDuty Incident Response Documentation 2017-01-21 09:42:28 +01:00
ktwo/ShaneK2
f79dc0c08d Added inVtero.net
Link to my new memory analysis platform ;)
2017-01-20 18:57:32 -08:00
chumstick
c71116c3c5 Fixed Formatting to Conform to Guidelines 2016-11-16 13:57:21 -05:00
chumstick
4f7352617b Added "Fidelis ThreatScanner" to Windows tools 2016-11-16 13:54:42 -05:00
Keith J. Jones
68a26a79e0 Merge branch 'master' of https://github.com/meirwah/awesome-incident-response into visualize_logs 2016-11-12 11:44:22 -05:00
Keith J. Jones
cda1ca8605 Added cuckoo log to project description. 2016-11-12 11:44:17 -05:00
Herman Slatman
c22a83df11 Add LMG 2016-11-10 01:29:48 +01:00
Herman Slatman
ccb093b0b1 Add VolatilityBot 2016-11-10 01:24:56 +01:00
Herman Slatman
bc1c24d754 Add TheHive 2016-11-10 01:20:25 +01:00
Meir Wahnon
7af1241d54 Merge pull request #76 from keithjjones/visualize_logs
Added Visualize_Logs
2016-11-06 20:33:43 +00:00
Meir Wahnon
500ac758dd Merge pull request #75 from bcarrier/master
Added Cyber Triage.
2016-10-24 10:24:53 +03:00
Keith J. Jones
7743a82fa6 Added Visualize_Logs. 2016-10-23 14:46:05 -04:00
Keith J. Jones
518772feb6 Added cuckoo-modified-api 2016-10-04 16:10:39 -04:00
Brian Carrier
3e462aac5e Added Cyber Triage. 2016-09-27 23:27:29 -04:00
Keith J. Jones
07b81326dd Alphabetized and capitalized. 2016-08-31 10:44:50 -04:00
Keith J. Jones
662dbd9904 Added two keithjjones tools. 2016-08-31 10:37:53 -04:00
Meir Wahnon
e42e2ecec3 Adding Zentral
Adding Zentral to  All in one Tools
2016-07-18 19:50:48 +03:00
Herman Slatman
a5ebd3e291 Remove period 2016-07-12 14:42:11 +02:00
Herman Slatman
f249e0dbf4 PALADIN added 2016-07-12 14:36:10 +02:00
Herman Slatman
9e767898bd Added Magnet RAM Capture 2016-07-12 14:30:38 +02:00
Herman Slatman
8567ec5e97 Added ACQUIRE 2016-07-12 14:27:08 +02:00
Herman Slatman
3a4fff6617 Added Falcon Orchestrator 2016-07-12 14:20:50 +02:00
Herman Slatman
abb133510d Added RaQet 2016-07-12 13:08:53 +02:00
Herman Slatman
b589680044 Added CimSweep 2016-07-12 13:01:53 +02:00
Herman Slatman
39374aa51a Added nightHawk 2016-07-12 12:58:40 +02:00
MikeDawg
a39de0c7ba Added NST, and fixed a couple EOLs 2016-07-08 09:15:06 -06:00
MikeDawg
4d3ed91f0b Alphabetical order FTW 2016-06-30 11:50:07 -06:00
MikeDawg
d302552f03 Added X-Ray 2.0 2016-06-30 11:01:55 -06:00
Meir Wahnon
327602e8a6 remove DNS miner
fixes #67
2016-06-16 17:00:27 +03:00
Nedim Šabić
402349cc95 Add Fibratus 2016-06-07 16:18:06 +02:00
Herman Slatman
2f13ee5a59 Added Doorman 2016-06-01 21:51:21 +02:00
Meir Wahnon
37c0ba12e6 Adding LiME
fixes #63
2016-05-26 10:20:47 +03:00
Herman Slatman
a34ee4f49a SearchGiant added 2016-05-20 11:16:12 +02:00
Herman Slatman
5c05e15330 Kolide added 2016-05-09 09:50:23 +02:00
Meir Wahnon
3bb912af8b update playbooks link
to https://www.incidentresponse.com/playbooks/
fixes #59
2016-04-22 08:58:32 +03:00
Herman Slatman
620e5ab909 Rastrea2r added 2016-04-19 14:44:44 +02:00
Herman Slatman
0f6415af9b Add link. Stupid me. 2016-03-22 17:11:05 +01:00
Herman Slatman
694ea2faa4 ADIA added 2016-03-22 09:21:10 +01:00
Meir Wahnon
3d68cca1c3 Merge pull request #56 from mthlvt/master
Lorg tool added
2016-03-21 08:35:42 +02:00
Mat
3c69b3a9a9 Lorg tool added
added a new tool called Lorg: a tool for advanced HTTPD logfile security analysis and forensics
2016-03-21 11:36:18 +09:00
Meir Wahnon
1eb9cf6e28 Merge pull request #54 from meirwah/CDQR
adding Cold Disk Quick Response tool
2016-02-29 09:22:52 +02:00
Herman Slatman
f17a3be290 small addition to Lima Charlied entry 2016-02-26 23:20:45 +01:00
Herman Slatman
86bb4b11e9 CIRTkit added 2016-02-26 23:18:06 +01:00
Meir Wahnon
86e28d1612 adding Cold Disk Quick Response tool 2016-02-24 22:25:14 +02:00
Meir Wahnon
b5eeec36b1 reverting... 2016-02-24 19:50:41 +02:00
Meir Wahnon
a89acf7aa6 website for PMDump seems to have issues
switching to http://www.securityfocus.com/tools/2466
2016-02-24 19:49:54 +02:00
Meir Wahnon
2a3a0e3c98 add binaryforay tools 2016-02-23 22:53:34 +02:00
Interleaved
a8c4173d4a Fix typo in IR workflow gallery item 2016-02-21 10:25:07 +01:00
Interleaved
594f5d9a4c Add new playbooks item for IR workflow gallery 2016-02-21 10:18:49 +01:00
Meir Wahnon
600f5debf4 add playbooks section 2016-02-17 18:54:39 +02:00
ahhh
d808307223 Update README.md
fix minor spelling error
2016-02-16 16:44:18 -08:00
Meir Wahnon
e0ab1523e4 small change 2016-02-15 15:41:35 +02:00
Meir Wahnon
a45659f71b remove unneeded comma 2016-02-15 15:40:04 +02:00
Meir Wahnon
ee7b5d8759 Adding KonckKnock
to OSX section
2016-02-15 15:38:47 +02:00
Meir Wahnon
cffffd65be Adding PowerForensics
to Windows Evidence Collection
2016-02-04 09:48:18 +02:00
Herman Slatman
1b43cabd08 Another (local) conflict resolved 2016-01-27 13:51:18 +01:00
Herman Slatman
c8bdf8bab9 Merge conflict resolved 2016-01-27 13:49:51 +01:00
Herman Slatman
c3655a5516 Removed some dots 2016-01-27 13:19:02 +01:00
Herman Slatman
ee0db994b1 Removed some dots 2016-01-27 13:16:37 +01:00
Herman Slatman
dd9b8ff64d small typos 2016-01-27 12:28:07 +01:00
Herman Slatman
feaf021164 Adding Linux evidence collection entry 2016-01-27 12:25:53 +01:00
Herman Slatman
7977ac9c78 FastIR for Linux added 2016-01-27 12:25:02 +01:00
Meir Wahnon
7d009f4273 Adding Crits
To other section
2016-01-26 09:47:44 +02:00
ReadmeCritic
0e0c029d4e Update README URLs based on HTTP redirects 2016-01-20 12:29:56 -08:00
Meir Wahnon
5b6fd16115 fix DFIR intro 2016-01-13 20:55:34 +02:00
Meir Wahnon
f0d7b27673 Remove dots at end of line + add intro section 2016-01-13 20:52:49 +02:00
Meir Wahnon
075d2a5796 fix empty raw 2016-01-09 14:21:54 +02:00
Meir Wahnon
fe443b7452 Add Evidence collectors section
for multi platform
2016-01-09 14:16:04 +02:00
Meir Wahnon
b60bd66747 Merge pull request #40 from hslatman/hs_20160108
Fenrir + bulk_extractor
2016-01-09 14:11:22 +02:00
Herman Slatman
a6e31beea3 Stenographer buffered PCAP capture solution added 2016-01-09 11:22:43 +01:00
Herman Slatman
fb442c4a5a bulk_extractor added 2016-01-08 18:58:38 +01:00
Herman Slatman
7198f75f19 Fenrir IOC scanner added 2016-01-08 18:46:00 +01:00
Meir Wahnon
ada4d000f6 Adding Belkasoft Evidence Center 2016-01-07 23:39:50 +02:00
Meir Wahnon
afbf73468a Adding Limacharlie 2016-01-04 09:26:40 +02:00
Herman Slatman
b94e155720 2nd link removed + 'typo' 2015-12-23 10:46:17 +01:00
Herman Slatman
b5c7ececb8 Merging DEFT and DEFT Zero 2015-12-23 10:32:56 +01:00
Herman Slatman
1a8cd130ee DEFT Zero (light DEFT) added 2015-12-21 13:38:55 +01:00
Herman Slatman
91111f0a8e DEFT Linux Distro added 2015-12-21 13:33:41 +01:00
Herman Slatman
50f5574a56 CAINE Live added 2015-12-21 13:30:04 +01:00
Herman Slatman
2b7f5a0bc5 SIFT Workstation added 2015-12-18 13:19:04 +01:00
Meir Wahnon
877119aa70 Merge pull request #36 from hslatman/hs_category_linux_distro
Move Security Onion to Linux Distributions Category + slight descript…
2015-12-17 13:43:02 +02:00
Herman Slatman
39cbfa075d Move Security Onion to Linux Distributions Category + slight description change 2015-12-14 21:44:57 +01:00
MikeDawg
a96753db32 Update Readme.md - Added Triage-IR
Added Triage-IR
2015-12-14 11:40:10 -07:00
Herman Slatman
2c8cb30576 threat_note name changed to real name + slightly more descriptive description 2015-12-14 10:12:48 +01:00
Herman Slatman
b1079e3be9 Envdb added 2015-12-14 10:09:57 +01:00
Herman Slatman
70e14eef1c BriMor Labs Live Response Collection added 2015-12-14 10:07:03 +01:00
Meir Wahnon
dcdbedb963 Remove DumpIT - seems the project is not maintained anymore 2015-12-13 15:04:20 +02:00