# Digital Forensics and Incident Response

> Search results for `Digital Forensics and Incident Response` on awesome-repositories.com. 115 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/digital-forensics-and-incident-response

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/digital-forensics-and-incident-response).**

## Results

- [kubeshark/kubeshark](https://awesome-repositories.com/repository/kubeshark-kubeshark.md) (11,954 ⭐) — Kubeshark is a network observability platform designed for Kubernetes environments, functioning as an eBPF-powered engine for cluster-wide traffic analysis. It captures, indexes, and visualizes network activity and API calls directly from the kernel, providing deep visibility into service-to-service communication without requiring sidecar proxies or manual code instrumentation.

The platform distinguishes itself through its ability to perform protocol-aware traffic dissection and user-space cryptographic hooking, which allows for the inspection of encrypted traffic and the reconstruction of ap
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [bypass007/emergency-response-notes](https://awesome-repositories.com/repository/bypass007-emergency-response-notes.md) (5,551 ⭐) — Emergency-Response-Notes is a collection of technical reference documentation and playbooks used for performing forensic analysis, incident response, intrusion identification, and malware remediation. It serves as an incident response knowledge base and an intrusion analysis framework to help identify web shells, hidden backdoors, and persistence mechanisms used during security attacks.

The project utilizes a case-study-based knowledge base to map real-world attack scenarios to specific mitigation and recovery steps. It provides a digital forensics playbook and a malware remediation guide for
- [hneemann/digital](https://awesome-repositories.com/repository/hneemann-digital.md) (5,793 ⭐) — Digital is a comprehensive software platform for the visual design, simulation, and verification of digital logic circuits. It provides an integrated environment where users can construct hardware architectures using hierarchical visual components, define finite state machines, and verify circuit behavior through event-based simulation. The platform serves as a development environment for digital logic, enabling the transition from conceptual design to functional hardware implementation.

The tool distinguishes itself through its automated logic synthesis and optimization capabilities, which a
- [hsnhk/computer-forensics](https://awesome-repositories.com/repository/hsnhk-computer-forensics.md) (173 ⭐) — Curated list of awesome free forensic analysis tools and resources. Computer Forensics, Distributions, Frameworks, Memory Forensics, Network Forensics, Live Forensics, IOC Scanner, Imaging, Windows Artifacts, OS X Forensics, Mobile Forensics, Docker Forensics, Picture Analysis, Metadata Forensics…
- [jivoi/awesome-osint](https://awesome-repositories.com/repository/jivoi-awesome-osint.md) (26,831 ⭐) — This project is a comprehensive, community-curated directory of resources and methodologies for open-source intelligence gathering. It serves as a centralized reference framework for researchers, providing a structured index of specialized tools, databases, and search techniques used to collect and analyze publicly available information from across the global internet.

The directory distinguishes itself through a hierarchical taxonomy that organizes complex investigative domains, ranging from cyber threat intelligence and digital forensic investigation to geospatial analysis and operational s
- [soufianetahiri/digital-forensics-incident-response](https://awesome-repositories.com/repository/soufianetahiri-digital-forensics-incident-response.md) (14 ⭐) — Digital Forensics and Incident Response
- [mvt-project/mvt](https://awesome-repositories.com/repository/mvt-project-mvt.md) (12,481 ⭐) — This project is a command-line forensic toolkit designed for the investigation and security auditing of mobile devices. It provides a framework for collecting system logs, application data, and forensic artifacts to identify potential security breaches, unauthorized access, or evidence of malicious activity.

The utility employs a modular extraction architecture that parses diverse file formats and system logs into a standardized, normalized data structure. By utilizing this unified format, the tool performs both heuristic analysis of system metadata and pattern matching against structured thr
- [counteractive/incident-response-plan-template](https://awesome-repositories.com/repository/counteractive-incident-response-plan-template.md) (783 ⭐) — A concise, directive, specific, flexible, and free incident response plan template
- [johnng007/live-forensicator](https://awesome-repositories.com/repository/johnng007-live-forensicator.md) (624 ⭐) — Cross-platform Incident Response & Live Forensics Toolkit: Windows (PowerShell) | Linux (Bash) | macOS (Shell)
- [rshipp/awesome-malware-analysis](https://awesome-repositories.com/repository/rshipp-awesome-malware-analysis.md) (13,864 ⭐) — This project is a comprehensive, community-driven directory of open-source tools, datasets, and documentation for malware analysis and cybersecurity research. It serves as a centralized index for security professionals and researchers to locate resources for investigating, reverse engineering, and analyzing malicious software.

The directory organizes information through a structured taxonomy, covering specialized domains such as memory forensics, network traffic inspection, and honeypot threat research. By aggregating links to external utilities and frameworks, it provides a platform-agnostic
- [goreleaser/goreleaser](https://awesome-repositories.com/repository/goreleaser-goreleaser.md) (15,897 ⭐) — GoReleaser is a release automation tool for building, packaging, and distributing Go binaries across multiple platforms and architectures. It functions as a cross-compilation build pipeline and binary distribution orchestrator that manages the end-to-end lifecycle of versioned software releases.

The tool utilizes a declarative configuration pipeline based on a YAML definition file to automate the Go toolchain. It links Git tags to the compilation process, allowing for automated version tagging and the injection of build metadata and version strings into binaries via linker flags.

Its capabil
- [withsecurelabs/chainsaw](https://awesome-repositories.com/repository/withsecurelabs-chainsaw.md) (3,446 ⭐) — Chainsaw is a Windows forensic analysis tool used for parsing system databases and extracting security artefacts. It functions as a forensic artefact extractor and a scanner for identifying security threats and log tampering within Windows event logs.

The project distinguishes itself by implementing a Sigma rule forensic scanner that applies standardized detection logic and custom rule sets to event logs and forensic artefacts. It enables threat hunting workflows by matching event data against patterns to identify malicious activity, lateral movement, and brute force attacks.

The tool's capa
- [cheeriojs/cheerio](https://awesome-repositories.com/repository/cheeriojs-cheerio.md) (30,386 ⭐) — Cheerio is an HTML and XML parsing library and server-side DOM implementation. It functions as a markup manipulation tool and CSS selector engine, allowing users to parse, query, and modify HTML or XML documents in non-browser environments.

The project provides a DOM-like tree representation of markup strings, enabling programmatic addition, removal, and modification of elements and attributes. It features a prototype-based plugin system that allows the extension of core functionality by adding custom methods to the document prototype.

The library covers a broad range of capabilities includi
- [easttimor/aws-incident-response](https://awesome-repositories.com/repository/easttimor-aws-incident-response.md) (377 ⭐) — Investigation of API activity using Athena and notification of actions using EventBridge
- [cachethq/cachet](https://awesome-repositories.com/repository/cachethq-cachet.md) (14,932 ⭐) — Cachet is a self-hosted, open-source status page system designed to communicate service uptime, incident history, and infrastructure performance to end users. It provides a centralized dashboard for managing the operational lifecycle of system components, tracking service disruptions, and scheduling maintenance windows.

The platform distinguishes itself through a comprehensive RESTful API that enables programmatic status page management and automated incident reporting. It supports deep integration with external monitoring tools, allowing for the synchronization of performance metrics and the
- [aws-samples/aws-incident-response-runbooks](https://awesome-repositories.com/repository/aws-samples-aws-incident-response-runbooks.md) (1,061 ⭐) — These playbooks are provided as templates for organizations building incident response capability on AWS. They should be customized to suit your specific needs, risks, available tools, and work processes. These guides are not official AWS documentation and are provided as-is.
- [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors.

The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating ext
- [meirwah/awesome-incident-response](https://awesome-repositories.com/repository/meirwah-awesome-incident-response.md) (8,821 ⭐)
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [bee-san/ciphey](https://awesome-repositories.com/repository/bee-san-ciphey.md) (21,454 ⭐) — Ciphey is an automated decryption and data obfuscation tool designed to identify and reverse complex, multi-layered encoding schemes. By utilizing statistical analysis and probability scoring, the system automatically detects unknown data formats and recovers human-readable plaintext from obfuscated input strings without requiring manual algorithm specification.

The tool distinguishes itself through a recursive pipeline that processes nested data structures and strips formatting anomalies or invisible characters to ensure consistent input. It employs a heuristic search and multithreaded execu
- [bmad-code-org/bmad-method](https://awesome-repositories.com/repository/bmad-code-org-bmad-method.md) (49,528 ⭐) — BMAD-METHOD is a multi-agent orchestration framework designed to automate the entire software development lifecycle. It functions as a programmable engine that coordinates autonomous agents to handle complex tasks, ranging from initial requirement elicitation and project planning to code generation and system maintenance. By embedding architectural constraints into a central context file, the system ensures that all automated actions remain aligned with project goals and organizational standards.

The platform distinguishes itself through an adversarial review process, where a dual-agent syste
- [cyb3rfox/aurora-incident-response](https://awesome-repositories.com/repository/cyb3rfox-aurora-incident-response.md) (1,060 ⭐)
- [bishopfox/unredacter](https://awesome-repositories.com/repository/bishopfox-unredacter.md) (8,351 ⭐) — Unredacter is a computer vision text reconstructor and image forensics utility designed to recover hidden characters from pixelated images. It functions as a tool for reversing pixelation to identify text within obscured visual blocks.

The system uses a process of comparing pixelated image blocks against rendered candidate characters that match the typographic styles of the target text. This allows for the reconstruction of obscured information through automated visual analysis.

The project covers capabilities for digital forensics analysis, image redaction testing, and information leakage a
- [honojs/hono](https://awesome-repositories.com/repository/honojs-hono.md) (30,994 ⭐) — Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.
- [veeral-patel/incidents](https://awesome-repositories.com/repository/veeral-patel-incidents.md) (70 ⭐) — INCIDENTS is a web-based tool for incident response, just like TheHive.
- [velocidex/velociraptor](https://awesome-repositories.com/repository/velocidex-velociraptor.md) (3,769 ⭐) — Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts.

The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting.

The platform covers a wide range o
- [mikeroyal/digital-forensics-guide](https://awesome-repositories.com/repository/mikeroyal-digital-forensics-guide.md) (2,436 ⭐)
- [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure.

The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
- [cscorza/analisi-digital-forense](https://awesome-repositories.com/repository/cscorza-analisi-digital-forense.md) (175 ⭐) — INDEX
- [sleuthkit/autopsy](https://awesome-repositories.com/repository/sleuthkit-autopsy.md) (3,015 ⭐) — Autopsy is a digital forensic analysis platform and evidence management suite used to process disk images and file systems. It provides a graphical interface for performing deep forensic examinations of computer hard drives to identify and extract digital artifacts for investigations.

The platform is built as a Java-based forensic framework that integrates native libraries to perform direct disk image analysis. It utilizes a modular architecture, allowing for the extension of data ingestion and report generation through the use of plugins.

The system manages digital evidence within a central
- [flowiseai/flowise](https://awesome-repositories.com/repository/flowiseai-flowise.md) (53,641 ⭐) — Flowise is a low-code platform designed for building and deploying complex language model workflows through a visual, node-based interface. It functions as an orchestrator for autonomous multi-agent systems, allowing users to construct conversational pipelines by connecting language models, memory stores, and external tools on a drag-and-drop canvas.

The platform distinguishes itself through its support for sophisticated agentic patterns, including supervisor-worker delegation and iterative reasoning strategies. Users can design directed acyclic graphs to manage conditional branching, state p
- [alessandroz/lazagne](https://awesome-repositories.com/repository/alessandroz-lazagne.md) (10,867 ⭐) — LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing.

The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases.

The project supports digital
- [datatables/datatables](https://awesome-repositories.com/repository/datatables-datatables.md) (7,408 ⭐) — DataTables is a feature-rich HTML table library that transforms static HTML tables into interactive data grids with sorting, paging, filtering, and server-side processing support. It provides a client-side rendering engine that handles table rows, pagination, and sorting entirely in the browser, while also offering a server-side processing pipeline that offloads sorting, filtering, and paging operations to a backend for efficient handling of large datasets.

The library distinguishes itself through its plugin-based extension system, which allows custom functions and widgets to modify table beh
- [sbilly/awesome-security](https://awesome-repositories.com/repository/sbilly-awesome-security.md) (14,022 ⭐) — This project is a comprehensive, curated directory of cybersecurity resources, software, and documentation designed to support system and network protection. It serves as a centralized knowledge base and index for security professionals, aggregating industry-standard practices and open-source tools across a wide range of technical domains.

The repository distinguishes itself by providing a structured collection of methodologies and frameworks for security operations. It covers critical areas including threat intelligence, digital forensics, infrastructure auditing, and vulnerability assessmen
- [jorgencr/alternative-and-responsible-investments](https://awesome-repositories.com/repository/jorgencr-alternative-and-responsible-investments.md) (9 ⭐) — Code and support files for ICM296 - Alternative and Responsible Investments
- [dominicbreuker/stego-toolkit](https://awesome-repositories.com/repository/dominicbreuker-stego-toolkit.md) (2,636 ⭐) — This project is a steganography analysis toolkit and digital forensics suite designed to detect, extract, and embed hidden data within image and audio files. It provides a dockerized security environment that bundles various analysis tools into a containerized workspace, including a media spectrogram visualizer for revealing visually hidden patterns.

The toolkit features a dedicated brute force system for recovering password-protected messages using automated wordlists and candidate password testing. It distinguishes itself by providing rule-based wordlist generation that uses expansion patte
- [elysiajs/elysia](https://awesome-repositories.com/repository/elysiajs-elysia.md) (18,531 ⭐) — Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments.

The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [jekil/awesome-hacking](https://awesome-repositories.com/repository/jekil-awesome-hacking.md) (3,746 ⭐) — This project is a curated, version-controlled directory of software and resources designed for cybersecurity professionals and researchers. It functions as a centralized knowledge base that aggregates and organizes external security utilities into a structured taxonomy to facilitate discovery and access for specialized research and testing tasks.

The repository distinguishes itself through a community-driven model where external resource locations are verified and maintained by contributors. By leveraging a distributed version control system, the project ensures the historical integrity and c
- [monzo/response](https://awesome-repositories.com/repository/monzo-response.md) (1,558 ⭐) — Dealing with incidents can be stressful. On top of dealing with the issue at hand, responders are often responsible for handling comms, coordinating the efforts of other engineers, and reporting what happened after the fact. Monzo built Response to help reduce the pressure and cognitive burden…
- [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows.

The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a
- [redaelli/imago-forensics](https://awesome-repositories.com/repository/redaelli-imago-forensics.md) (268 ⭐) — Imago is a Python tool that extracts digital evidence from images recursively. This tool is useful throughout a digital forensic investigation. If you need to extract digital evidence and you have a lot of images, through this tool you will be able to compare them easily. Imago allows to…
- [apsdehal/awesome-ctf](https://awesome-repositories.com/repository/apsdehal-awesome-ctf.md) (11,614 ⭐) — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development.

The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert pr
- [labstack/echo](https://awesome-repositories.com/repository/labstack-echo.md) (32,451 ⭐) — Echo is a high-performance, lightweight web framework for Go designed for building scalable RESTful APIs and web services. It provides a centralized environment for mapping network requests to handler functions, utilizing a fast radix-tree routing engine to ensure efficient request dispatching. The framework is built around a modular, middleware-centric pipeline that allows developers to execute reusable logic for cross-cutting concerns like authentication, logging, and security across the entire application.

What distinguishes Echo is its focus on developer productivity through structured da
- [keikoproj/kube-forensics](https://awesome-repositories.com/repository/keikoproj-kube-forensics.md) (232 ⭐) — kube-forensics allows a cluster administrator to dump the current state of a running pod and all its containers so that security professionals can perform off-line forensic analysis.
- [preed/incident-lifecycle-model](https://awesome-repositories.com/repository/preed-incident-lifecycle-model.md) (43 ⭐) — A lifecycle model for describing incident management
- [radare/radare2](https://awesome-repositories.com/repository/radare-radare2.md) (24,129 ⭐) — radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable.

The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland.

The toolset supports binary p
- [encode/django-rest-framework](https://awesome-repositories.com/repository/encode-django-rest-framework.md) (30,083 ⭐) — Django REST Framework is a toolkit for building standards-compliant web services that map complex data models to structured HTTP responses. It provides a modular architecture for handling the request lifecycle, including authentication, permission checks, and content negotiation. The framework is designed to facilitate the development of robust APIs by transforming complex data types into native formats and validating incoming request payloads against defined schemas.

The project distinguishes itself through a highly modular, class-based design that allows developers to build complex views an
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
