dfir-automation topic
BlueCloud
Cyber range including Velociraptor and a HELK system, with a Windows VM for security testing and R&D. Azure and AWS Terraform support.
PurpleCloud
A small tool for experimenting with Azure identity: an Azure Active Directory lab creation tool
epagneul
Graph visualization for Windows event logs
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
rip_raw
Rip Raw is a small tool to analyse the memory of compromised Linux systems.
hashlookup-forensic-analyser
Analyse a forensic target (such as a directory) and report which files are found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
SimpleImager
Simple Imager performs live acquisition of Windows-based systems in a forensically sound manner
varc
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
hashlookup-server
Fast lookup server for the NSRL and other hash databases used in digital forensics
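The two hashlookup entries above (hashlookup-forensic-analyser and hashlookup-server) both build on the same triage idea: hash every file on a target, look each hash up in a known-file database such as the NSRL, and hand the analyst only the files the database does not know. The Python below is an added example written for this page, not code from either project. It assumes SHA-1 keying (the common key for NSRL-style sets), substitutes a small constructed in-memory dict for the CIRCL service or a hashlookup-server instance, and writes a constructed sample target to a temporary directory so it runs offline.

```python
"""Known-file triage of a forensic target, hashlookup / NSRL style.

Walk a directory, hash every regular file, and split the results into
files present in a known-file database ("known good") and files that
are not, so the analyst can focus on the unknowns. Added example; the
known-file database here is a constructed stand-in, not the real service.
"""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files never load whole into RAM


def sha1_file(path: Path) -> str:
    """Return the lowercase hex SHA-1 of a file (NSRL-style sets are keyed by SHA-1)."""
    h = hashlib.sha1()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


# Constructed stand-in for the known-file database: contents of a few
# "known" vendor files. A real deployment queries the CIRCL service or a
# local hashlookup-server instead of this dict (assumption for the demo).
KNOWN_FILE_CONTENTS = {
    "kernel32.dll": b"MZ\x90\x00constructed-known-good-kernel32",
    "calc.exe": b"MZ\x90\x00constructed-known-good-calc",
    "notepad.exe": b"MZ\x90\x00constructed-known-good-notepad",
}
KNOWN_SHA1 = {hashlib.sha1(c).hexdigest(): n for n, c in KNOWN_FILE_CONTENTS.items()}


def lookup_local(sha1: str):
    """Local lookup: metadata for a known hash, or None (the 'not found' case)."""
    name = KNOWN_SHA1.get(sha1)
    return {"FileName": name} if name else None


def analyse_target(target: Path, lookup=lookup_local) -> dict:
    """Hash every regular file under target and classify it via the lookup callable."""
    report = {"found": [], "not_found": [], "errors": []}
    for root, _dirs, files in os.walk(target):
        for fname in files:
            p = Path(root) / fname
            if p.is_symlink() or not p.is_file():
                continue  # skip links/devices: hash file data, not the link itself
            try:
                digest = sha1_file(p)
            except OSError as exc:  # unreadable file: record it, keep going
                report["errors"].append((str(p), str(exc)))
                continue
            meta = lookup(digest)
            if meta is None:
                report["not_found"].append((str(p), digest))
            else:
                report["found"].append((str(p), digest, meta))
    return report


def basenames(entries) -> list:
    """Sorted file names of report entries (path is always element 0)."""
    return sorted(Path(e[0]).name for e in entries)


def make_sample_target() -> Path:
    """Constructed target: a known file, a renamed known file, a tampered copy, an unknown."""
    d = Path(tempfile.mkdtemp(prefix="hashlookup-demo-"))
    (d / "Windows").mkdir()
    (d / "Windows" / "kernel32.dll").write_bytes(KNOWN_FILE_CONTENTS["kernel32.dll"])
    # renamed known file: the hash still matches even though the name does not
    (d / "Windows" / "svchost.exe").write_bytes(KNOWN_FILE_CONTENTS["calc.exe"])
    # tampered copy: one extra byte, so it must drop out of the known set
    (d / "Windows" / "notepad.exe").write_bytes(KNOWN_FILE_CONTENTS["notepad.exe"] + b"\x00")
    (d / "Users").mkdir()
    (d / "Users" / "dropper.ps1").write_bytes(b"IEX (constructed unknown payload)")
    return d


def summarise(report: dict) -> list:
    lines = [f"known: {len(report['found'])}  unknown: {len(report['not_found'])}"
             f"  errors: {len(report['errors'])}"]
    for path, digest, meta in report["found"]:
        lines.append(f"  KNOWN    {path}  sha1={digest}  db_name={meta['FileName']}")
    for path, digest in report["not_found"]:
        lines.append(f"  UNKNOWN  {path}  sha1={digest}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarise(analyse_target(make_sample_target()))))
```

Two behaviours worth noting: the renamed copy of calc.exe is still reported as known because matching is by content hash, not file name, while the notepad.exe copy with a single appended byte is reported as unknown. That is the whole value of the approach for triage, and also its limit: a known hash only proves the bytes are unchanged, not that the file is benign or in a sensible location.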
Velociraptor_Azure
A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.