OpenProject is a guide on using open-source tools for Incident Response (IR). This repo shares workflows, tool setups, and practical steps for detecting, analyzing, and handling security incidents. It’s made for security pros and anyone interested in building an effective IR toolkit using free…
The main features of debugprivilege/openproject are: Digital Forensics.
Open-source alternatives to debugprivilege/openproject include:
a0rtega/pafish — Pafish is an anti-analysis sandbox detector and virtualization environment tester. It serves as a diagnostic utility…
ahmedkhlief/apt-hunter — APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT…
andrewrathbun/dfirartifactmuseum — DFIR Artifact Museum.
andrewrathbun/dfirmindmaps — This is a repository to centralize DFIR-related Mind Maps created with any Mind Mapping suites. The main point of this…
anssi-fr/adtimeline — 1. The ADTimeline PowerShell script 1. Description 2. Prerequisites 3. Usage 4. Files generated 5. Custom groups 2.…
504ensicslabs/lime — LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and…
Pafish is an anti-analysis sandbox detector and virtualization environment tester. It serves as a diagnostic utility to identify if a system is running inside a virtual machine or a malware analysis sandbox by executing common anti-analysis techniques. The tool validates the effectiveness of various evasion methods and supports research into sandbox detection. It tests whether a target system can be recognized as a virtualized environment to help improve the stealth of malware analysis environments. Detection is achieved through a variety of behavioral checks, including hardware artifact ana
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisitio