A Python-based DFIR framework for extracting forensic artifacts from macOS and iOS disk images or live systems.
A PHP-based web application for managing and tracking postmortems with pluggable features for IRC, JIRA, and timeline integration.
A curated awesome list of resources for Security Orchestration, Automation and Response (SOAR) technologies.
A Windows tool that intercepts and kills ransomware processes attempting to delete shadow copies via vssadmin and other system utilities.
A hunt and incident response tool for gathering forensic data from Microsoft Entra ID, Azure, M365, and Defender environments.
Scans files and process memory for Cobalt Strike beacons and extracts their configuration.
A digital forensics investigation platform for parsing, searching, visualizing evidence, and enabling team collaboration.
A framework for developing rigorous, documented alerting and detection strategies to improve incident response efficacy.
A Python utility for checking file hashes against multiple malware analysis services like VirusTotal, Hybrid Analysis, and MISP.
A standalone Python tool for applying SIGMA detection rules to EVTX, Auditd, Sysmon for Linux, and other log formats.
A concise, directive, specific, flexible, and free template for creating an incident response plan organizations will actually use.
A curated collection of macOS and iOS security resources including tools, research, malware analysis, and hardening guides.
A lightweight Bash script for scanning Linux/Unix/OSX systems for Indicators of Compromise (IOCs) without installation.
An automated malware analysis tool for Linux ELF files, extracting static and dynamic features for security assessment.
A data pipeline engine for security teams to collect, transform, enrich, and route telemetry data at scale.
A cross-platform forensic artifact collection tool for NTFS file systems that minimizes host impact.
A Windows Registry forensics tool for extracting and analyzing data from registry hives using Perl-based plugins.
A PowerShell suite for remote Windows incident response and hunting using CIM/WMI, requiring no agent deployment.
A curated collection of Event ID resources for digital forensics and incident response professionals.
An asynchronous forensic data presentation framework for incident response, built on Elasticsearch.
A Python library and CLI for extracting and refanging defanged Indicators of Compromise (IOCs) from text.
Open-source detection rules for identifying SolarWinds SunBurst backdoor activities and related vulnerabilities across multiple security tools.
A forensic tool for exploring offline Docker filesystems to analyze compromised containers.
A forensic tool for exploring offline Docker container filesystems and metadata from disk images.
Default playbooks and custom functions for Splunk SOAR (formerly Phantom) security orchestration and automation platform.
A system-focused web application for tracking systems, tasks, and artifacts during major digital forensics and incident response (DFIR) investigations.
A self-hosted incident response platform that automates alert handling and ticket management for security teams.
Collects Windows forensic artifacts to detect early system compromises through analysis of live data.
An open-source platform for collecting, processing, and analyzing forensic artifacts from macOS, Windows, and Linux systems.
A collection of example YARA-L detection rules and dashboards for Google Security Operations (SecOps).
A Volatility plugin that extracts configuration data and decoded strings from known malware families in memory images.
A PowerShell script for live forensic data acquisition and endpoint lockdown during Windows incident response.
A Windows Batch and Unix Bash script suite for comprehensive host forensic data collection during incident response.
A PowerShell module collection for agentless artifact gathering and reconnaissance on Windows endpoints.
A customizable live OS constructor tool written in Bash for remote forensics, malware hunting, and incident response.