@dfir-dd

DFIR-DD Team Site

Who are we?

A team of incident responders and forensic analysts, currently working at BDO Cyber Security in Dresden.

Need to contact us? Send an e-mail to [email protected].

Our tools

Tool            What does it do?
DFIR Toolkit    Collection of CLI tools for Windows forensic analysis
dionysos        Scanner for various IoCs, especially YARA-based
Dissect Triage  A binary to collect triage data from Windows systems, based on dissect
Kirby           Parses several forensic artifacts from a Windows (triage) image, based on dissect

Popular repositories

  1. dfir-toolkit (Public)
     CLI tools for forensic investigation of Windows artifacts
     Rust, 326 stars, 26 forks

  2. incident-response-playbooks (Public)
     Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents
     38 stars, 3 forks

  3. dionysos (Public)
     Scanner for certain IoCs
     Rust, 11 stars, 2 forks

  4. nt-hive2 (Public)
     Windows registry parser library built upon BinRead
     Rust, 7 stars, 2 forks

  5. kirby (Public)
     A script to parse several forensic artifacts from given Windows (triage) images, using dissect
     Python, 1 star

  6. velociraptor-artifacts (Public)
     Custom artifacts for the Rapid7 Velociraptor software
     1 star

Repositories

Showing 10 of 12 repositories (fields: language, stars, license, forks, open issues, open pull requests, last update)

  • dionysos (Public)
    Scanner for certain IoCs
    Rust, 11 stars, GPL-3.0, 2 forks, 1 open issue, 0 open PRs, updated Jan 29, 2025

  • dfir-toolkit (Public)
    CLI tools for forensic investigation of Windows artifacts
    Rust, 326 stars, GPL-3.0, 26 forks, 2 open issues, 0 open PRs, updated Nov 1, 2024

  • packer (Public)
    Packer templates to build Vagrant base boxes
    Shell, 1 star, no license, 0 forks, 0 open issues, 0 open PRs, updated Oct 30, 2024

  • dfir-scripts (Public)
    (no description)
    Shell, 0 stars, GPL-3.0, 0 forks, 2 open issues, 0 open PRs, updated Oct 27, 2024

  • pr (Public)
    Public relations material
    0 stars, no license, 0 forks, 0 open issues, 0 open PRs, updated Jul 30, 2024

  • nt-hive2 (Public)
    Windows registry parser library built upon BinRead
    Rust, 7 stars, GPL-3.0, 2 forks, 2 open issues, 0 open PRs, updated Jul 17, 2024

  • dissect-triage (Public)
    Triage tools based on dissect
    Python, 0 stars, no license, 0 forks, 0 open issues, 0 open PRs, updated May 31, 2024

  • kirby (Public)
    A script to parse several forensic artifacts from given Windows (triage) images, using dissect
    Python, 1 star, GPL-3.0, 0 forks, 0 open issues, 0 open PRs, updated May 31, 2024

  • .github (Public)
    DFIR DD team site
    0 stars, no license, 0 forks, 0 open issues, 0 open PRs, updated May 21, 2024

  • incident-response-playbooks (Public)
    Digital Forensic Analysis and Incident Response Playbooks to handle real-world security incidents
    38 stars, CC-BY-SA-4.0, 3 forks, 0 open issues, 0 open PRs, updated Apr 25, 2024