dfir-dd (@dfir-dd)

DFIR-DD Team Site

Who are we?

A team of incident responders and forensic analysts, currently working at BDO Cyber Security in Dresden.

Need to contact us? Send an e-mail to [email protected].

Our tools

Tool            What does it do?
DFIR Toolkit    Collection of CLI tools for Windows forensic analysis
dionysos        Scanner for various IoCs, especially YARA-based ones
Dissect Triage  A binary that collects triage data from Windows systems, based on dissect
Kirby           Parses several forensic artifacts from a Windows (triage) image, based on dissect

Popular repositories

  1. dfir-toolkit (Public)

     CLI tools for forensic investigation of Windows artifacts

     Rust, 320 stars, 26 forks

  2. incident-response-playbooks (Public)

     Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents

     38 stars, 3 forks

  3. dionysos (Public)

     Scanner for certain IoCs

     Rust, 11 stars, 2 forks

  4. nt-hive2 (Public)

     Windows registry parser library built upon BinRead

     Rust, 7 stars, 2 forks

  5. kirby (Public)

     A script to parse several forensic artifacts of given Windows (triage) images, using dissect

     Python, 1 star

  6. velociraptor-artifacts (Public)

     Custom artifacts for Rapid7 Velociraptor

     1 star

Repositories

Showing 10 of 12 repositories
  • dfir-toolkit (Public)

    CLI tools for forensic investigation of Windows artifacts

    Rust, 320 stars, GPL-3.0, 26 forks, 1 open issue, 0 open pull requests. Updated Nov 1, 2024

  • packer (Public)

    Packer templates to build Vagrant base boxes

    Shell, 1 star, 0 forks, 0 open issues, 0 open pull requests. Updated Oct 30, 2024

  • dfir-scripts (Public)

    Shell, 0 stars, GPL-3.0, 0 forks, 2 open issues, 0 open pull requests. Updated Oct 27, 2024

  • pr (Public)

    Public relations material

    0 stars, 0 forks, 0 open issues, 0 open pull requests. Updated Jul 30, 2024

  • nt-hive2 (Public)

    Windows registry parser library built upon BinRead

    Rust, 7 stars, GPL-3.0, 2 forks, 2 open issues, 0 open pull requests. Updated Jul 17, 2024

  • dissect-triage (Public)

    Triage tools based on dissect

    Python, 0 stars, 0 forks, 0 open issues, 0 open pull requests. Updated May 31, 2024

  • kirby (Public)

    A script to parse several forensic artifacts of given Windows (triage) images, using dissect

    Python, 1 star, GPL-3.0, 0 forks, 0 open issues, 0 open pull requests. Updated May 31, 2024

  • .github (Public)

    DFIR DD team site

    0 stars, 0 forks, 0 open issues, 0 open pull requests. Updated May 21, 2024

  • incident-response-playbooks (Public)

    Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents

    38 stars, CC-BY-SA-4.0, 3 forks, 0 open issues, 0 open pull requests. Updated Apr 25, 2024

  • dionysos (Public)

    Scanner for certain IoCs

    Rust, 11 stars, GPL-3.0, 2 forks, 0 open issues, 0 open pull requests. Updated Apr 1, 2024
