Documentation project for Digital Forensics Artifact Repository
Meerkat is a collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints without requiring a pre-deployed agent. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more. The tool collects a wide range of artifacts, such as host information, network adapters, processes, services, files, audit policies, Windows firewall rules, DLLs, local users, ADS, disks, ports, strings, local groups, recycle bin, hotfixes, ARP, handles, scheduled tasks, hosts file, TPM, DNS, environment variables, autoruns, certificates, software, network routes, sessions, Bitlocker, registry, hardware, shares, domain information, Defender event logs, drivers, USB history, metadata events related to login failures, user/group management, and more. The project also documents ingestion into SIEMs, quick start guides, usage analysis, and troubleshooting tips.
A powerful OSINT tool for creating custom templates for data extraction and analysis
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT) for scoping compromises across cloud instances.
usbdeath is an anti-forensic tool that manipulates udev rules for known USB devices and performs actions on unknown USB device insertion or specific USB device removal.
A library to access and parse OLE 2 Compound File (OLECF) format files.