A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
-
Updated
Oct 4, 2025 - Python
#
dfir-tools
Here are 22 public repositories matching this topic...
MacOS forensic acquisition made simple
-
Updated
Jul 26, 2025 - Python
Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS.
-
Updated
Nov 10, 2025 - Python
Automatically create iSCSI targets for all drives except for a boot device
-
Updated
May 23, 2025 - Python
Cryptocurrency Discovery and Triage Tool - Identify multiple cryptocurrency addresses and transactions from various wallet applications!
dfir cryptocurrency digital-forensics triage wallets blockchain-forensics cryptocurrency-addresses digital-forensics-incident-response digitalforensics cryptocurrency-forensics forensics-tools dfir-tools cryptocurrency-discovery
-
Updated
Jan 9, 2026 - Python
A deployment and testing platform for Velociraptor's client artifacts
dfir artifacts velociraptors velociraptor dfir-automation velociraptorir dfir-tools velociraptor-query-language
-
Updated
Jul 7, 2025 - Python
Yerel ağlarda anomaly detection, saldırı tespiti ve adli bilişim analizi yapan tek Pythontkinter tabanlı açık kaynak araç. Özelleştirilebilir imza veritabanıyla Türkiye odaklı tehditleri yakalar!
-
Updated
May 31, 2025 - Python
AWMFA - Automated Windows Memory Forensics Analysis. Python automation framework for Volatility 2 that streamlines memory analysis. Features: automated plugin execution with threading, intelligent threat detection using 28+ heuristics, no deep Windows internals knowledge required, multi-format reports (TXT/HTML/PDF).
incident-response dfir cybersecurity malware-analysis digital-forensics memory-analysis automated-analysis volatility forensic-analysis memory-forensics security-tools incident-response-tooling dfir-automation windows-forensics forensics-tools windows-memory dfir-tools
-
Updated
Nov 8, 2025 - Python
-
Updated
Nov 11, 2024 - Python
A forensic command-line tool for deep analyzing PDF files
-
Updated
Apr 3, 2025 - Python
Convert Kape Files to DFIR-ORC configurations
-
Updated
Aug 26, 2024 - Python
bfcpf stands for "Brute Force CPF" and it is a CLI tool that breaks a partial CPF, finding all valid ones within the pattern given by the user.
-
Updated
Sep 7, 2024 - Python
OpenRelik ertools worker
-
Updated
Jun 23, 2025 - Python
Unified cases, seamless integrations
-
Updated
Dec 17, 2025 - Python
Minimalist Collaborative Malware DB Management
-
Updated
Dec 17, 2025 - Python
Collaborative Forensic Collections Manager
-
Updated
Dec 17, 2025 - Python
TruxTrace is a Linux user simulation tool that emulates realistic command-line behavior for single and multiple users. It’s designed for learning, testing, and digital forensics, generating artifacts like logs and histories to replicate real-world usage scenarios.
python linux docker dockerfile automation python3 dfir artifacts artifact dfir-automation digitalforensics digitalforensic dfir-tools
-
Updated
Jun 1, 2025 - Python
YaFT2 - Yet Another Forensic Tool
-
Updated
Dec 23, 2025 - Python
Wuodan is a command-line tool designed for efficiently searching through files and directories for strings or regular expressions
-
Updated
Aug 6, 2025 - Python
This tool monitors Velociraptor's syslog messages for specific actions performed by users within the Velociraptor DFIR platform. When certain patterns are detected, it sends detailed email notifications to designated recipients, providing enhanced visibility into user activities and potential security events.
automation logs syslog dfir syslog-server syslog-messages syslog-client velociraptor dfir-automation syslog-parser dfir-tools velociraptor-syslog
-
Updated
May 2, 2025 - Python
Improve this page
Add a description, image, and links to the dfir-tools topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the dfir-tools topic, visit your repo's landing page and select "manage topics."