diffy
Host analyzer
An incident response tool that helps digital forensics teams analyze and prioritize suspicious hosts in cloud environments
(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
635 stars
144 watching
59 forks
Language: Python
last commit: about 1 year ago
Linked from 2 awesome lists
dfirforensicssecurity
meirwah/awesome-incident-response
4ndersonlin/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 fox-it/dissect | A digital forensics framework that provides tools and parsers to analyze forensic artefacts from various disk and file formats. | 939 |
 hackvertor/diffy | A Java application that displays differences between two responses using color-coded formatting. | 0 |
 diogo-fernan/ir-rescue | A tool for comprehensively collecting host forensic data during incident response and analysis. | 466 |
 dhoelzer/showmethepackets | Tools and resources for network monitoring and analysis used in the SANS SEC503 course | 214 |
 codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 234 |
 idiom/pftriage | Tool to analyze files during malware analysis and triage by extracting properties and detecting malicious indicators. | 77 |
 dynetics/malfunction | Tools for analyzing and comparing malware at a function level using fuzzy hashing algorithms | 192 |
 ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 790 |
 dissectmalware/officeforensictools | A Python-based collection of tools for gathering forensic information from Office documents | 26 |
 detuxsandbox/detux | Analyzes and captures malware traffic on Linux sandboxed environments using QEMU hypervisor and various CPU architectures. | 261 |
 dfirkuiper/kuiper | An investigation platform for parsing and analyzing digital evidence, streamlining workflows and improving collaboration. | 777 |
 uqcyber/coldpress | Automates malware analysis workflow by extracting features and indicators of compromise from malicious files using various tools and libraries. | 16 |
| fox-it/dissect.target | Provides a programming API and command line tools to access various data sources inside disk images or file collections. | 48 |
| fox-it/dissect.xfs | A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions. | 2 |
 securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 149 |