Tag Archives: DFIR

DFIRtriage – Windows-based Incident Response Tool

DFIRtriage is a tool intended to provide incident responders with rapid host data. Written in Python, the code has been compiled to eliminate the dependency on Python on the target host.

BT3 – Blue Team Training Toolkit

Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.

pcapfex – Packet CAPture Forensic Evidence eXtractor

pcapfex (Packet CAPture Forensic Evidence eXtractor) is a tool that finds and extracts files from packet capture files.

Cyphon – Incident Management and Response Platform

Cyphon is an incident-response platform that receives, processes, and triages events to create a more efficient analytic workflow.

Timesketch – Collaborative Forensic Timeline Analysis

Timesketch is an open source tool for collaborative forensic timeline analysis.

ImageUSB – Write an Image To Multiple USB Flash Drives

ImageUSB is a free utility which lets you write an image concurrently to multiple USB Flash Drives.

SysTools E01 Viewer – Forensically Examine .E01 Files

SysTools E01 Viewer is a tool that allows a user to search and open an E01 file, which can be produced when creating an image from a system.