dfircheatsheet.github.io

File Format

• forensicswiki

Windows Event Logs IDs

• ultimatewindowssecurity

Analysis Tools

Automation (Sigma & Yara rules)

• DeepBlueCLI
• ChainSaw
• Zircolite
• APT-Hunter

Manual analysis

• EvtxECmd\
• Event Log Explorer

This site is open source. Improve this page.