| PowerSponse |
Git |
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response. |
incident-response, powershell |
|
|
| Trawler |
Git |
PowerShell script that helps incident responders discover potential adversary persistence mechanisms. |
windows, malware-analysis, threat-hunting |
|
|
| Velociraptor |
GitHub Release |
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints. |
incident-response, forensics, endpoint-detection |
.json, .csv |
Full only |
| white-phoenix |
Python |
White-Phoenix is a tool that recovers content from files encrypted by ransomware that uses intermittent encryption. It is designed to help incident responders and forensic analysts retrieve data from encrypted files when the decryption key is not available. |
ransomware, encryption, decryption, forensics, data-recovery |
.encrypted, .locked, .enc |
|