Meerkat

Free

Meerkat is a collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints without requiring a pre-deployed agent. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more. The tool collects a wide range of artifacts, such as host information, network adapters, processes, services, files, audit policies, Windows Firewall rules, DLLs, local users, ADS, disks, ports, strings, local groups, recycle bin, hotfixes, ARP, handles, scheduled tasks, hosts file, TPM, DNS, environment variables, autoruns, certificates, software, network routes, sessions, BitLocker, registry, hardware, shares, domain information, Defender event logs, drivers, USB history, metadata events related to login failures, user/group management, and more. It also offers ingestion into SIEMs, quick start guides, usage analysis, and troubleshooting tips.

ALTERNATIVES

Comprehensive digital forensics and incident response platform for law enforcement, corporate, and academic institutions.

ForensicMiner, Redefine DFIR Automations

Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.

Exterro is a data risk management platform that optimizes e-discovery, digital forensics, and cybersecurity compliance operations.

A reliable end-to-end DFIR solution for boosting cyber incident response and forensics capacity.

A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.

A command-line utility and Python package for mounting and unmounting various disk image formats with support for different volume systems and filesystems.

Windows event log fast forensics timeline generator and threat hunting tool.
