Tag Archives: DFIR

sbag – TZWorks Windows ShellBag Parser

sbag is a Windows registry parser that targets the Shellbag subkeys to pull useful directory and file artifacts to help identify user activity.

Emailchemy – Email Migration Software

Emailchemy converts email from the closed, proprietary file formats of the most popular (and many of yesterday’s forgotten) email applications to standard

Kirjuri – Web application to Manage Forensic Evidence

Kirjuri is a digital forensic evidence item management system. It is a web application designed to help forensic teams manage, track and report devices delivered for forensic examination.

Skadi – DFIR Framework to Collect Process and Hunt

Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows, and Linux machines.

MIG – Real-time IR and Investigation Platform

Mozilla Investigator MIG is a platform to perform investigative surgery on remote endpoints.

DFIRtriage – Windows-based Incident Response Tool

DFIRtriage is a tool intended to provide Incident Responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency of python on the target host.

BT3 – Blue Team Training Toolkit

Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.