Diffy (DEPRECATED)
Diffy has been deprecated at Netflix. This software is no longer maintained or supported. Diffy is a digital forensics and incident response (DFIR) tool that was developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers. It's called "Diffy" because it helps a human investigator to identify the differences between instances, and because Alex pointed out that "The Difforensicator" was unnecessarily tricky. See Releases for recent changes. See our Read the Docs site for well-formatted documentation. Supported Technologies: AWS (AWS Systems Manager / SSM), Local osquery. Each technology has its own plugins for targeting, collection, and persistence. Features: Efficiently highlights outliers in security-relevant instance behavior. For example, you can use Diffy to tell you which of your instances are listening on an unexpected port.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.
A utility package that monitors hard drive health through SMART technology to detect and prevent disk failures before data loss occurs.
A free, open source collection of tools for forensic artifact and image analysis.
Digital investigation tool for extracting forensic data from computers and managing investigations.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
MFT and USN parser for direct extraction in filesystem timeline format with YARA rule support.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.