Incident Response & Forensics

Dispatch

Incident Response & Forensics

All of the ad-hoc things you're doing to manage incidents today, done for you, and much more!

Tracee

Incident Response & Forensics

A runtime security and forensics tool for Linux environments leveraging eBPF technology.

Velociraptor

Incident Response & Forensics

A powerful tool for endpoint visibility and incident response, leveraging the Velociraptor Query Language (VQL) for customizable data collection.

Timesketch

Incident Response & Forensics

Collaborative forensic timeline analysis

GRR Rapid Response

Incident Response & Forensics

GRR Rapid Response: remote live forensics for incident response

PagerDuty Incident Response Documentation

Incident Response & Forensics

PagerDuty's Incident Response Documentation for managing and responding to major incidents.

AWS Incident Response Playbooks

Incident Response & Forensics

A structured framework for incident response in AWS environments, leveraging native AWS services for log collection, threat detection, and incident management.

Cloud Forensics Utils

Incident Response & Forensics

Python library to carry out DFIR analysis on the Cloud

dfTimewolf

Incident Response & Forensics

A framework for orchestrating forensic collection, processing and data export

TheHive

Incident Response & Forensics

A scalable, open-source security incident response platform that integrates case management, task assignment, and collaboration tools.

DFIR-ORC

Incident Response & Forensics

Forensics artefact collection tool for systems running Microsoft Windows

Sparrow

Incident Response & Forensics

Sparrow.ps1 is a PowerShell script developed by CISA's Cloud Forensics team to detect compromised accounts and applications in Azure and Microsoft 365 environments.