awesome-incident-response
by meirwah
A comprehensive curated list of tools and resources designed to support security analysts and DFIR teams in effective incident response and digital forensics.
A curated list of tools for incident response
Primary Use Case
This repository serves as a centralized resource for security professionals, particularly incident response and digital forensics teams, to discover, evaluate, and utilize a wide range of tools for managing security incidents. It is ideal for those looking to enhance their incident detection, evidence collection, and forensic analysis capabilities through well-organized, categorized toolsets.
- Curated collection of incident response and forensics tools
- Categorized resources including adversary emulation, evidence collection, and log analysis
- Includes all-in-one toolkits and specialized utilities for memory, disk, and process analysis
- Provides references to books, communities, and knowledge bases for DFIR
- Supports multiple platforms including Windows, Linux, and OSX
- Automated URL checking for resource validity
- Integration with MITRE ATT&CK framework for adversary emulation tools
- Includes playbooks and videos for incident response training
- Integrate curated adversary emulation tools with purple team exercises to validate detection and response capabilities.
- Leverage playbooks and training videos to upskill incident response teams and reduce mean time to respond (MTTR).
- Use categorized toolsets to automate evidence collection and forensic analysis during incident investigations.
- Combine with SIEM and SOAR platforms to streamline log analysis and incident management workflows.
- Regularly update the tool list and validate URLs to ensure access to the latest DFIR resources and community knowledge.
Related Tools
mvt
mvt-project/mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

post-mortems
danluu/post-mortems
A collection of postmortems. Sorry for the delay in merging PRs!
Detect-It-Easy
horsicq/Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
howtheysre
upgundecha/howtheysre
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)
chainsaw
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
tracecat
TracecatHQ/tracecat
All-in-one AI automation platform (workflows, agents, cases, tables) for security, IT, and production engineering teams.
