chainsaw
Event log analyzer
A tool to rapidly search and analyze Windows forensic artefacts like Event Logs and MFT files.
Rapidly Search and Hunt through Windows Forensic Artefacts
3k stars
52 watching
268 forks
Language: Rust
last commit: 3 months ago
Linked from 1 awesome list
attackblueteamchainsawcounterceptdetectiondfirforensicslogsrustsecuritysigmathreat-huntingwindows
meirwah/awesome-incident-responseRelated projects:
| Repository | Description | Stars |
|---|---|---|
 securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 149 |
 sleuthkit/sleuthkit | A collection of command line tools for analyzing digital evidence from various file systems and disk images. | 2,648 |
 ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,265 |
 codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 234 |
 fuzzdb-project/fuzzdb | A comprehensive toolset for identifying and exploiting application vulnerabilities through dynamic testing | 8,288 |
 elevenpaths/foca | A tool for extracting and analyzing metadata and hidden information from documents. | 3,016 |
 west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
 chainguard-dev/malcontent | Tools for detecting and analyzing malware in software binaries | 468 |
 damonmohammadbagher/etwprocessmon2 | A tool for monitoring and detecting malicious activity via ETW events | 294 |
 threathunters-io/laurel | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
 mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
 yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations | 18 |
 wagga40/zircolite | A standalone tool for analyzing and detecting security-related events in various Linux logs using SIGMA rules | 684 |
 bert-janp/hunting-queries-detection-rules | Provides KQL queries for hunting and detection in security logs | 1,292 |
 usarmyresearchlab/dshell | A network forensic analysis framework for dissecting network packet captures | 5,463 |