DFIR


SANS SIFT Workstation

SOF-ELK VM (Network Analysis)

REMnux VM (Malware Analysis)

Malware Tools & Resources

Kali Linux

Slingshot

Forensic Toolkit FTK

The Sleuth Kit & Autopsy

EnCase

C.A.I.N.E (Computer Aided INvestigative Environment)

CyberTriage

Belkasoft Evidence Center

Nirsoft Forensics Tool List

Eric Zimmerman Tool List

Bento Portable Forensics toolkit

Nirsoft Portable Forensics toolkit

SANS Free Tool Lists (PDF)

Sysinternals tools download


Kroll Artifact Parser And Extractor (KAPE)

Magnet Process Capture

Magnet RAM Capture

DumpIt - Dump Memory

Winpmem - Memory acquisition tools

FTK Imager

CrowdResponse

Bulk Extractor

LastActivityView

USB Historian

Wireshark

NetworkMiner

PacketTotal

DeepBlueCLI

Kansa

ARTHIR

Registry Explorer

RegRipper 2.8

ShellBags Explorer

AmcacheParser

AppCompatCacheParser

Jump List parser

JumpList Explorer

RecentFileCacheParser

MFTExplorer ($MFT)

MFTECmd

INDXParse

UsnJrnl2Csv

ANJP Parser

Event Log Explorer

Log Parser

Evtx Explorer/EvtxECmd

Volatility - Memory Forensics (GUI)

Memoryze

Redline

Magnet Process Capture

Magnet RAM Capture

Volatility - Memory Forensics

DumpIt - Dump Memory

Winpmem - Memory acquisition tools

FTK Imager

Visual Browser History - Chrome

DB Browser for SQLite

Nirsoft Web Browsers Tools

BrowsingHistoryView

OS Forensics

Magnet IEF (Internet Evidence Finder)

Browser History Viewer

DensityScout - Density check

Exiftool

PEscan

Sigcheck

Log2Timeline

LOG-MD

CyberChef

Malware Bazaar

FeodoTracker

I Got Phished

SSL Blacklist

URLhaus

Zeltser Blocklists

Spootle Blacklist

Threatshub

Last Activity View - Nirsoft

Browser History View

My Last Search

Arsenal Image mounter

Nmap

Online Sandbox

SSL Server Test

MALWARE ANALYSIS CHEAT SHEET

ANALYZING MALICIOUS DOCUMENTS

Plaso Filtering

Eric Zimmerman tools

Rekall Memory Forensic Framework

SIFT WORKSTATION

Linux Shell Survival Guide

Hex File Headers and Regex for Forensics

Memory Forensics Cheat Sheet

TCP/IP and tcpdump

PowerShell Cheat Sheet

Windows Command Line

Nmap Cheat Sheet

Google Hacking and Defense

Finding Unknown Malware

Evidence Collection

Don't Get Hooked

Memory Forensics Analysis

Hunt Evil

Windows Forensic Analysis

You are a Target

Know Normal - Find Evil

Advanced Smart Phone forensics

Windows Forensic Analysis

Pen Test Attack Surfaces, Tools and Techniques

Creating a Cyber Security Home

Protecting healthcare data

SIFT Workstation & REMnux

CISO Mind Map

Penetration Testing

What will your attack look like

Memory Forensics Analysis

Pentest Cheatsheets

Windows Red Team Cheat Sheet

WINDOWS LOGGING

Win ADVANCED LOGGING

REGISTRY AUDITING

POWERSHELL LOGGING

SYSMON LOGGING

WIN ATT&CK LOGGING

Digital Forensics Process

DFIR Report Writing

Registry Quick Find Chart

PowerShell Cheat Sheet

Log2Timeline cheat sheet

INITIAL SECURITY INCIDENT

USB Device Tracking Artifacts

WINDOWS FILE AUDITING

BrightCloud Threat Intelligence

AlienVault IP Lookup

AbuseIPDB

DNS Analytics

Domain Blacklist Check

BlackList Alert

IBM XForce

Talos Intelligence

PaloAlto URL check

Draw Network Diagram Online

Check MAC Address

Traceroute

KNOWNFOLDERID

Windows Memory Analysis with Volatility

Lateral Movement Analysis

Quick Ref to Windows Processes

Event Log Analysis

VirusTotal

Hybrid-analysis

Forensics Methods

Windows Commands abused by Attackers

13Cubed

SANS DFIR

DFIR Science

Incident Response and Computer Forensics