UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.

unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Incident Forensic Response In Terminal script for linux

This is a Live Response script to help incident responders to acquire data, contain and recover.

A DFIR Incident Response AI bot using local Ollama LLM to derrive automated findings from logs

File and file meta information collect using PowerShell in Live Response environment.

A Firefox extension to encrypt files downloaded through Microsoft 365 Defender's Live Response Sessions.

Coretrawler is a data forensics utility for Solaris designed to scan raw disk devices on a live host for core dump files. It can parse core files to extract information such as the process name, executable path, process id, parent process id, process start timestamp, and optionally extract and save full core files to a specified directory.

WebLogHunter is a tool for parsing and analysing web server access logs to detect suspicious activity. It normalises logs into a standard DataFrame format for efficient querying and applies risk-scoring rules to highlight potential threats.

Cabbage is a simple python-based wrapper designed to automate and simplify post-mortem analysis of Solaris 10 kernel crash dumps and uncover evidence of rootkits and malicious activity.

Parse IIS applicationHost.config to generate CSV file.