Tag Archives: DFIR
sbag – TZWorks Windows ShellBag Parser
sbag is a Windows registry parser that targets the Shellbag subkeys to pull useful directory and file artifacts to help identify user activity.
Emailchemy – Email Migration Software
Emailchemy converts email from the closed, proprietary file formats of the most popular (and many of yesterday’s forgotten) email applications to standard
Kirjuri – Web application to Manage Forensic Evidence
Kirjuri is a digital forensic evidence item management system. It is a web application designed to help forensic teams manage, track and report devices delivered for forensic examination.
Skadi – DFIR Framework to Collect, Process and Hunt
Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows, and Linux machines.
MIG – Real-time IR and Investigation Platform
Mozilla InvestiGator (MIG) is a platform to perform investigative surgery on remote endpoints.
DFIRtriage – Windows-based Incident Response Tool
DFIRtriage is a tool intended to provide incident responders with rapid host data. Written in Python, the code has been compiled to remove the Python dependency on the target host.
BT3 – Blue Team Training Toolkit
Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.