
Tools for digital forensics: LSB encrypt / decrypt.

Primary language: Python

Information Security Forensics

Information resources:

Check file/ip/hash - https://www.virustotal.com/
Virus analysis - https://bilimdon.ru/evristicheskii-analiz-virusov-chto-takoe-evristicheskii-analizator.html
Complete forensics toolkits - https://www.sans.org/tools/sift-workstation/ / https://forensics.cert.org/#ADIA / https://github.com/orlikoski/Skadi / http://www.sleuthkit.org/autopsy/
Forensics platforms / collaborative forensics tools - https://github.com/dfir-iris/iris-web / https://github.com/DFIRKuiper/Kuiper / https://thehive-project.org / https://github.com/google/grr / https://github.com/dfirtrack/dfirtrack / https://github.com/LDO-CERT/orochi / https://github.com/google/timesketch
Host monitoring - https://github.com/zentralopensource/zentral / https://github.com/fleetdm/fleet / https://github.com/gmagklaras/pofr / https://github.com/certtools/intelmq / https://github.com/Velocidex/velociraptor / https://github.com/TonyPhipps/Meerkat
IOC scanners (compromise detection) - https://github.com/Neo23x0/Loki / https://github.com/Neo23x0/Fenrir / https://github.com/codeyourweb/fastfinder
Artifact collection - https://github.com/forensicanalysis/artifactcollector / https://github.com/osquery/osquery / https://github.com/diogo-fernan/ir-rescue / https://github.com/tclahr/uac / https://github.com/OWNsecurity/fastir_artifacts / https://github.com/log2timeline/dftimewolf / https://github.com/OMENScan/AChoir / https://github.com/orlikoski/CyLR / https://dfir-orc.github.io
Working with the registry - https://github.com/keydet89/RegRipper3.0 / https://github.com/airbus-cert/regrippy / https://github.com/mkorman90/regipy
Working with logs - https://github.com/dogoncouch/logdissect / https://github.com/ahmedkhlief/APT-Hunter / https://github.com/JPCERTCC/LogonTracer / https://github.com/airbnb/streamalert / https://github.com/snovvcrash/usbrip
Working with memory and system images - https://github.com/volatilityfoundation/volatility3 / https://github.com/microsoft/avml / https://github.com/504ensicsLabs/LiME / https://github.com/intel/bmap-tools / https://github.com/williballenthin/INDXParse / https://github.com/limbenjamin/nTimetools / https://github.com/Lazza/RecuperaBit / https://github.com/sleuthkit/sleuthkit / https://github.com/ufrisk/MemProcFS / https://github.com/docker-forensics-toolkit/toolkit
Web artifact extraction - https://github.com/obsidianforensics/hindsight / https://github.com/Busindre/dumpzilla
Working with metadata - https://exiftool.org / https://github.com/Exiv2/exiv2 / https://github.com/smalot/pdfparser / https://github.com/ElevenPaths/FOCA
Tools for Mac - https://github.com/ydkhatri/mac_apt / https://themittenmac.com/the-esf-playground/ / https://objective-see.org/products/knockknock.html
Tools for smartphones - https://github.com/MobSF/Mobile-Security-Framework-MobSF / https://github.com/den4uk/andriller / https://github.com/abrignoni/ALEAPP / https://github.com/abrignoni/iLEAPP
Miscellaneous tools - https://github.com/vitaly-kamluk/bitscout / https://github.com/ForensicArtifacts/artifacts / https://github.com/GuidoBartoli/sherloq / https://github.com/sevagas/swap_digger / https://github.com/simsong/bulk_extractor / https://github.com/AlessandroZ/LaZagne / https://github.com/rabbitstack/fibratus / https://github.com/sshock/AFFLIBv3 / https://github.com/SigmaHQ/sigma

To study:

https://github.com/sleuthkit/sleuthkit - stk
https://www.autopsy.com - autopsy; https://habr.com/ru/company/alexhost/blog/533260/
https://github.com/sshock/AFFLIBv3 - afftools; https://www.mankier.com/package/afftools
https://www.mankier.com/package/ewftools - ewftools
https://github.com/libyal/libewf - Libewf is a library to access the Expert Witness Compression Format (EWF)
https://rt-solar.ru/products/jsoc/cert/
https://www.magnetforensics.com/products/magnet-axiom/ - magnet axiom; https://www.securitylab.ru/software/504601.php
https://github.com/volatilityfoundation/volatility - volatility
Assembler - https://www.youtube.com/watch?v=PHyIP9g9BQw ; https://habr.com/ru/post/544786/ ; https://habr.com/ru/post/423077/ ; https://habr.com/ru/post/129739/
Articles - https://habr.com/ru/post/211749/ ; https://xakep.ru/2013/11/16/forensic-ram-ringerprints/ ; https://securelist.ru/petya-the-two-in-one-trojan/28473/ ; https://securelist.ru/ataki-do-zagruzki-sistemy/20151/ ; https://spy-soft.net/how-to-create-memory-dump-windows/ ; https://blog.group-ib.ru
General articles - https://habr.com/ru/company/group-ib/blog/551444/ ; https://habr.com/ru/company/ruvds/blog/534218/ ; https://habr.com/ru/post/136816/ ; https://habr.com/ru/post/338378/ ; https://habr.com/ru/post/327740/
Videos - https://www.youtube.com/watch?v=Auif45cTTwQ ; https://www.youtube.com/watch?v=VTl_kw15KBo