Chip-DFIR's Stars
massgravel/Microsoft-Activation-Scripts
Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.
cmu-sei/GHOSTS
GHOSTS is a realistic user simulation framework for cyber experimentation, simulation, training, and exercise
lorentzenman/sheepl
Sheepl: Creating realistic user behaviour for supporting tradecraft development within lab environments
Velocidex/velociraptor
Digging Deeper....
stuxnet999/MemLabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
digitalisx/awesome-memory-forensics
A curated list of awesome Memory Forensics for DFIR
volatilityfoundation/volatility3
Volatility 3.0 development
mdegrazia/KAPE_Tools
Tools and Binaries to use with KAPE
keydet89/Tools
Tools from WFA 4/e, timeline tools, etc.
simsong/bulk_extractor
This is the development tree. Production downloads are at:
daveherrald/SA_plaso-app-for-splunk
gleeda/memtriage
Allows you to quickly query a Windows machine for RAM artifacts
volatilityfoundation/community
Volatility plugins developed and maintained by the community
woanware/RegRipperRunner
google/grr
GRR Rapid Response: remote live forensics for incident response
meirwah/awesome-incident-response
A curated list of tools for incident response
EnCaseIntegratedToolkit/EITT
A GUI Interface for DFIR Open Source Tools
mandiant/Reversing
woanware/usbdeviceforensics
Python script for extracting USB information from Windows registry hives
dlcowen/dfirwizard
Example programs used in the automating DFIR series
EricZimmerman/RegistryExplorerBookmarks
Registry Explorer bookmark definitions
USArmyResearchLab/Dshell
Dshell is a network forensic analysis framework.
log2timeline/plaso
Super timeline all the things
google/timesketch
Collaborative forensic timeline analysis
kevthehermit/Scripts
Just a collection of scripts