Custom DFIR

This page summarizes the projects mentioned and recommended in the original post on /r/computerforensics

  • yarp

    Yet another registry parser (by msuhanov)

  • Use yarp. It includes a module to access hives on a live system.

  • srum-dump

    A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.

  • FGET can get the locked files for you. https://github.com/MarkBaggett/srum-dump/blob/master/FGET.exe

  • velociraptor

    Digging Deeper....

  • However, what you are trying to do has already been done. For collections look at velociraptor's offline collector https://github.com/Velocidex/velociraptor. For processing check out Log2Timeline (plaso) https://github.com/log2timeline/plaso.

  • plaso

    Super timeline all the things

  • timesketch

    Collaborative forensic timeline analysis

  • Want to put those processed plaso files in an Elasticsearch instance? Check out Timesketch - https://github.com/google/timesketch.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
