meirwah / awesome-incident-response Goto Github PK

Would you mind renaming the evidence collection sections, so the are grouped together or merge them at all? Other categories don't use the split for the OS.

Currently we have "Evidence Collection", "Linux Evidence Collection", "Windows Evidence Collection" and "OSX Evidence Collection".

We could rename the specifics to "Evidence Collection Linux", "Evidence Collection Windows" etc and move them together in the list so one find them more easily.

And would it be helpful to rename the generic "Evidence Collection" to something more accurate or remove that category and move the items to the OS sections?

The URL for augmentd.co , it's nonoperational. It has either expired for it has been suspended. Either needs to be corrected or deleted from the list...

Hello !
Can you please add this DFIR tool to the list ?
https://github.com/YosfanEilay/ForensicMiner

Thank you !

Suggestion to add VolDiff to the list of memory analysis tools.

VolDiff: Malware Memory Footprint Analysis based on Volatility
https://github.com/aim4r/VolDiff

https://github.com/504ensicsLabs/LiME

Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.

It is currently being used by

• https://github.com/vsouza/awesome-ios
• https://github.com/matteocrippa/awesome-swift
• https://github.com/dkhamsing/open-source-ios-apps

Examples

• https://travis-ci.org/matteocrippa/awesome-swift/builds/96526196 ok ✅
• https://travis-ci.org/matteocrippa/awesome-swift/builds/96722421 link redirected / rename 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/96763135 bad link / project deleted 🔴
• https://travis-ci.org/dkhamsing/open-source-ios-apps/builds/95754715 dupe 🔴

If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml file to the project.

See https://github.com/dkhamsing/awesome_bot for options, more information
Feel free to leave a comment 😄

I have a ton of free stuff here

http://binaryforay.blogspot.com/

they often exceeds what commercial tools can do as well

It was suggested you might be interested in some of the tools mentioned here. I am hoping to find more time to expand on them soon as some of them still need some work to be as useful as I would like.
rshipp/awesome-malware-analysis@f026601

DNSminer.net seems compromised and redirects to www.meinanutshell.com
the IP redirects to http://65.110.2.212/anonymous/

for second incident response playbook link: https://www.incidentresponse.com/playbooks/

http://augmentd.co/ is no longer legitimate and now tries to install bad browser extension(s)

Why is MISP (https://github.com/MISP/MISP) the de facto standard security tool not included?

So, I saw some additions that lean towards forensic analysis, although they can be used in IR. Any guidelines regarding this 'boundary'? From practice I know the boundary is of course quite shallow.

This is a great list. Your readers might also find user reviews for all the major incident management tools on IT Central Station to be helpful.

For example, Everbridge IT Alerting is ranked as the top IT alerting and incident management tool according to our community. You can see what they have to say about this and other solutions here.

*Disclaimer: I work for IT Central Station.