chainsaw
Windows forensics tool
A tool for rapid analysis of Windows forensic artefacts to support incident response and threat hunting investigations.
Rapidly Search and Hunt through Windows Forensic Artefacts
3k stars
53 watching
264 forks
Language: Rust
last commit: 11 days ago
Linked from 1 awesome list
Topics: attack, blueteam, chainsaw, countercept, detection, dfir, forensics, logs, rust, security, sigma, threat-hunting, windows
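The description above says chainsaw hunts through Windows event logs with Sigma rules but does not show what such a hunt looks like. The block below is an added illustration written for this page, not chainsaw's own code: a minimal Sigma-style selection evaluator run over constructed event records. The flattened field names (Event.System.EventID, Event.EventData.*), the sample events and the two rules are all assumptions made for the example.

```python
"""
Added illustration (not chainsaw's code): a minimal Sigma-style hunt over
Windows event records. Events, rules and the flattened field naming
(Event.System.EventID, Event.EventData.*) are assumptions for this example.
"""
from typing import Any

# Constructed sample events (not real log data), flattened EVTX-to-JSON shape.
SAMPLE_EVENTS = [
    {"Event.System.EventID": 4688,
     "Event.EventData.NewProcessName": r"C:\Windows\System32\cmd.exe",
     "Event.EventData.CommandLine": "cmd.exe /c whoami"},
    {"Event.System.EventID": 4688,
     "Event.EventData.NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Event.EventData.CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"Event.System.EventID": 4624,
     "Event.EventData.LogonType": "10",
     "Event.EventData.TargetUserName": "alice"},
    {"Event.System.EventID": 1102,
     "Event.EventData.SubjectUserName": "bob"},
]

# Constructed Sigma-like rules: a selection maps "field|modifier" -> value(s).
# Entries are ANDed; a list of values for one entry is an OR, as in Sigma.
SAMPLE_RULES = [
    {"title": "Encoded PowerShell command line",
     "selection": {"Event.System.EventID": 4688,
                   "Event.EventData.NewProcessName|endswith": "\\powershell.exe",
                   "Event.EventData.CommandLine|contains": ["-enc", "-EncodedCommand"]}},
    {"title": "Security log cleared",
     "selection": {"Event.System.EventID": 1102}},
]


def _field_matches(event: dict, key: str, expected: Any) -> bool:
    """Evaluate one selection entry ("field|modifier": value) against an event.

    String comparison is case-insensitive, matching Sigma's default semantics.
    A missing field never matches.
    """
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    actual = str(event[field]).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in candidates:
        cand = str(cand).lower()
        if modifier == "" and actual == cand:
            return True
        if modifier == "contains" and cand in actual:
            return True
        if modifier == "endswith" and actual.endswith(cand):
            return True
        if modifier == "startswith" and actual.startswith(cand):
            return True
    return False


def rule_matches(rule: dict, event: dict) -> bool:
    """A rule fires when every entry of its selection matches (logical AND)."""
    return all(_field_matches(event, k, v) for k, v in rule["selection"].items())


def hunt(rules: list, events: list) -> list:
    """Return (rule title, event) pairs for every rule that fires on an event."""
    return [(r["title"], e) for e in events for r in rules if rule_matches(r, e)]


if __name__ == "__main__":
    for title, ev in hunt(SAMPLE_RULES, SAMPLE_EVENTS):
        print(f"[{title}] EventID={ev['Event.System.EventID']}")
```

Run on the constructed input, the encoded-PowerShell rule fires on the second 4688 event (cmd.exe fails the `endswith` check) and the log-cleared rule fires on the 1102 event; the 4624 logon matches nothing. A real hunt differs in scale and input format (chainsaw reads the EVTX files themselves and ships field mappings for real Sigma rules), but the selection logic is the same idea.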
Related projects:
Repository | Description | Stars |
---|---|---|
securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 148 |
sleuthkit/sleuthkit | A collection of command line tools for analyzing digital evidence from various file systems and disk images. | 2,630 |
ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,255 |
codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 232 |
fuzzdb-project/fuzzdb | A dictionary of attack patterns, payloads and discovery wordlists for black-box application fault injection and resource discovery. | 8,242 |
elevenpaths/foca | A tool for extracting and analyzing metadata and hidden information from documents. | 2,979 |
west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 57 |
chainguard-dev/malcontent | A tool that detects and analyzes malicious software in various file formats and platforms | 445 |
damonmohammadbagher/etwprocessmon2 | A tool for monitoring and detecting malicious activity via ETW events | 292 |
threathunters-io/laurel | Transforms Linux audit logs into standardized, human-readable format for security monitoring | 711 |
mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
wagga40/zircolite | A standalone SIGMA-based detection tool for Windows EVTX, auditd, Sysmon for Linux and JSON/XML logs. | 680 |
bert-janp/hunting-queries-detection-rules | Provides KQL queries for hunting and detection in security logs | 1,257 |
usarmyresearchlab/dshell | A network forensic analysis framework for dissecting network packet captures | 5,454 |