diffy
Host analyzer
An incident response tool that helps digital forensics teams analyze and prioritize suspicious hosts in cloud environments
(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
635 stars
144 watching
59 forks
Language: Python
last commit: 11 months ago
Linked from 2 awesome lists
dfirforensicssecurity
Related projects:
Repository | Description | Stars |
---|---|---|
fox-it/dissect | A digital forensics framework that provides tools and parsers to analyze forensic artefacts from various disk and file formats. | 924 |
hackvertor/diffy | A Java application that displays differences between two responses using color-coded formatting. | 0 |
diogo-fernan/ir-rescue | A tool for comprehensively collecting host forensic data during incident response and analysis. | 465 |
dhoelzer/showmethepackets | Tools and resources for network monitoring and analysis used in the SANS SEC503 course | 209 |
codeyourweb/fastfinder | Tools for detecting suspicious files and directories on Windows and Linux endpoints. | 232 |
idiom/pftriage | Tool to analyze files during malware analysis and triage by extracting properties and detecting malicious indicators. | 77 |
dynetics/malfunction | Tools for analyzing and comparing malware at a function level using fuzzy hashing algorithms | 191 |
ydkhatri/mac_apt | A digital forensics tool for analyzing macOS and iOS systems | 783 |
dissectmalware/officeforensictools | A Python-based collection of tools for gathering forensic information from Office documents | 26 |
detuxsandbox/detux | Analyzes and captures malware traffic on Linux sandboxed environments using QEMU hypervisor and various CPU architectures. | 260 |
dfirkuiper/kuiper | An investigation platform for parsing and analyzing digital evidence, streamlining workflows and improving collaboration. | 769 |
uqcyber/coldpress | Automates malware analysis workflow by extracting features and indicators of compromise from malicious files using various tools and libraries. | 16 |
fox-it/dissect.target | Provides a programming API and command line tools to access various data sources inside disk images or file collections. | 44 |
fox-it/dissect.xfs | A parser for the XFS file system used by RedHat Linux distributions. | 2 |
securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 148 |