Skip to content

Tools

Forensics & Incident Response tools 19 tools

Submit tool
Category
Health

19 tools

OSSEC At Risk open source

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Plaso At Risk open source

Super timeline all the things
Fastfinder At Risk open source

Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashs, litteral/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any windows / linux host.
macOS Artifact Parsing Tool (mac_apt) At Risk open source

macOS (& ios) Artifact Parsing Tool
go-audit At Risk open source

go-audit is an alternative to the auditd daemon that ships with many distros
grr At Risk open source

GRR Rapid Response: remote live forensics for incident response
Forensic Artifacts At Risk open source

Digital Forensics Artifact Repository
LiME At Risk open source

Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, formerly called DMD.
CAPA At Risk open source

The FLARE team's open-source tool to identify capabilities in executable files.
Flare At Risk open source

A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing.
Acquire At Risk open source

Acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container. This makes Acquire an excellent tool to, among others, speedup the process of digital forensic triage. It uses Dissect to gather that information from the raw disk, if possible.
Splunk Attack Range At Risk open source

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Velociraptor At Risk open source

Digging Deeper....
UAC At Risk open source

UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
Substation At Risk open source

A cloud native data pipeline and transformation toolkit for security teams.
Timesketch At Risk open source

Collaborative forensic timeline analysis
Zentral At Risk open source

Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
Dissect At Risk open source

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Volatility 3 At Risk open source

Volatility 3.0 development

Beta — feedback welcome: [email protected]