IRTriage | CyberSecTools

IRTriage

0 (0)

Incident Response Triage is a scripted collection tool that automatically runs as an administrator in Windows versions, except WinXP, to gather system information valuable to a Forensic Analyst. It collects system information, network information, registry hives, disk information, and dumps memory, providing fast forensics in situations where a full disk image is not feasible.

Digital Forensics

Free

incident-response forensic-analysis windows memory-dumping

ALTERNATIVES

dfvfs

0 (0)

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.

Digital Forensics

Free

digital-forensics forensic-analysis virtual-file-system file-system file-access

libevtx

0 (0)

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

Digital Forensics

Free

digital-forensics python windows incident-response forensic-analysis event-log

FastIR Collector

0 (0)

Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.

Digital Forensics

Free

json csv windows-forensics

libfwnt

0 (0)

A library for working with Windows NT data types, providing access and manipulation functions.

Digital Forensics

Free

windows library development research

DFTimewolf

0 (0)

A framework for orchestrating forensic collection, processing, and data export.

Digital Forensics

Free

digital-forensics orchestration forensic-analysis

Exiv2

0 (0)

Exiv2 is a C++ library and command-line utility for image metadata manipulation.

Digital Forensics

Free

binary-security security file-analysis hex-dump metadata