ir-rescue
Forensic scanner
A tool for comprehensively collecting host forensic data during incident response and analysis.
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
466 stars
44 watching
94 forks
Language: Batchfile
last commit: over 4 years ago
Linked from 3 awesome lists
bashbatchcybersecuritydfirforensicsincident-responsemalwarenirsoftsysinternalsunixwindows
sbilly/awesome-security
meirwah/awesome-incident-response
fabacab/awesome-cybersecurity-blueteamRelated projects:
| Repository | Description | Stars |
|---|---|---|
| diogo-fernan/domfind | A tool to find identical domain names with SOA DNS records under different TLDs | 24 |
 travisfoley/dfirtriage | A digital forensic tool designed to gather and analyze data from Windows-based systems in incident response scenarios. | 335 |
 dfir-iris/iris-web | A collaborative platform for incident responders to share technical details during investigations | 1,091 |
 eliasgranderubio/dagda | A tool to analyze and monitor Docker images and containers for security threats | 1,164 |
 codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 234 |
 dissectmalware/officeforensictools | A Python-based collection of tools for gathering forensic information from Office documents | 26 |
 teamdfir/sift | A suite of tools and images for building and managing digital forensics environments on AWS | 494 |
 securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 149 |
 jfarley248/meat | A toolkit for acquiring and analyzing evidence from iOS devices | 140 |
 netflix-skunkworks/diffy | An incident response tool that helps digital forensics teams analyze and prioritize suspicious hosts in cloud environments | 635 |
 flo354/iosforensic | A tool to aid in forensic analysis of iOS devices | 63 |
 joeavanzato/trawler | A PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts by scanning for various persistence techniques. | 310 |
 msuhanov/dfir_ntfs | A digital forensics tool for parsing and analyzing NTFS/FAT file systems. | 196 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 790 |
 anssi-fr/dfir4vsphere | A PowerShell module for collecting logs and forensics data from VMware vSphere environments. | 143 |