A curated collection of periodic cybersecurity newsletters covering news, research, tools, vulnerabilities, and threat analysis.
A portable Python script that automates malware analysis by collecting runtime indicators using Sysinternals Procmon.
A community-sourced, machine-readable knowledge base of digital forensic artifacts for use in forensic tools and investigations.
The largest open collection of Android malware samples for security research and analysis.
A bash script for searching extracted firmware file systems to identify security issues, sensitive data, and interesting artifacts.
A command-line forensics tool for tracking USB device connection history on GNU/Linux systems.
A digital forensics and incident response framework for unified analysis of forensic artifacts across disk formats, filesystems, and operating systems.
A portable volatile memory acquisition tool for Linux that captures memory images without requiring target OS or kernel knowledge.
A desktop application for incident responders to track findings, tasks, and visualize timelines during cybersecurity investigations.
A Python-based DFIR framework for extracting forensic artifacts from macOS and iOS disk images or live systems.
A curated list of tools and resources for anti-forensic activities, including data hiding, encryption, steganography, and evidence removal.
A digital forensics investigation platform for parsing, searching, visualizing evidence, and enabling team collaboration.
A curated collection of macOS and iOS security resources including tools, research, malware analysis, and hardening guides.
A cross-platform forensic artifact collection tool for NTFS file systems that minimizes host impact.
A Python tool to analyze, explore, and revive malicious HTTP traffic from PCAP files for security research.
A Windows Registry forensics tool for extracting and analyzing data from registry hives using Perl-based plugins.
A curated collection of Event ID resources for digital forensics and incident response professionals.
An asynchronous forensic data presentation framework for incident response, built on Elasticsearch.
A forensic tool for exploring offline Docker filesystems to analyze compromised containers.
A forensic tool for exploring offline Docker container filesystems and metadata from disk images.
A system-focused web application for tracking systems, tasks, and artifacts during major digital forensics and incident response (DFIR) investigations.
A self-hosted incident response platform that automates alert handling and ticket management for security teams.
A tool that collects Windows forensic artifacts from live systems to detect early signs of compromise.
A tool for real-time SSL/TLS key extraction and traffic decryption to simplify encrypted network analysis for security researchers.
An open-source platform for collecting, processing, and analyzing forensic artifacts from macOS, Windows, and Linux systems.
A Volatility plugin that extracts configuration data and decoded strings from known malware families in memory images.
A PowerShell script for live forensic data acquisition and endpoint lockdown during Windows incident response.
A Windows Batch and Unix Bash script suite for comprehensive host forensic data collection during incident response.
A PowerShell module collection for agentless artifact gathering and reconnaissance on Windows endpoints.
A customizable live OS constructor tool written in Bash for remote forensics, malware hunting, and incident response.
A web interface for the Volatility memory forensics framework that runs plugins, stores results in MongoDB, and enables cross-plugin search.
A framework for orchestrating forensic collection, processing, and data export through modular recipes.
A forensic artifact parsing tool that quickly analyzes disk images and extracted artifacts from Windows, Linux, macOS, and Android devices.
A Windows GUI tool that reconstructs directory trees and analyzes FILE records from NTFS Master File Table ($MFT) files.
A customizable single-binary agent for collecting forensic artifacts from Windows, macOS, and Linux systems.
A high-speed memory forensics tool that analyzes physical memory dumps to find and extract processes and hypervisors using virtual machine introspection.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.