Free Resources
Curated Lists
- https://github.com/sbilly/awesome-security
- https://github.com/rshipp/awesome-malware-analysis
- https://github.com/cugu/awesome-forensics
Guides and FAQ
- NIST Computer Security Incident Handling Guide (800-61r2)
- https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
- Security Policy Templates
- https://www.sans.org/information-security-policy/?per-page=100
Reference Materials and Cheat Sheets
- Jai Minton’s DFIR Cheat Sheet
- https://www.jaiminton.com/cheatsheet/DFIR/#persistence-and-automatic-loadrun-reg-keys
- CISA Incident Response Series
- https://www.youtube.com/playlist?list=PL-BF3N9rHBLJaSbTRPyWYj56f0m2uDQD7
- s0cm0nkey's Security Reference Guide
- https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/
Tools
- Google Rapid Response (GRR)
- https://github.com/google/grr
- Meerkat
- https://github.com/TonyPhipps/Meerkat
- log2timeline & Plaso
- https://github.com/log2timeline/plaso
- https://github.com/mark-hallman/plaso_filters/blob/master/Plaso_Filtering_Cheat-Sheet_V1.03.pdf
- https://www.sans.org/blog/digital-forensics-sift-ing-cheating-timelines-with-log2timeline/
- https://plaso.readthedocs.io/en/latest/sources/user/Using-log2timeline.html
- Timesketch
- http://timesketch.org/
- https://github.com/google/timesketch
- Autopsy
- Timeline Explorer (and the rest of Eric Zimmerman's tools)
- https://ericzimmerman.github.io/#!index.md
- apfs-fuse
- https://github.com/sgan81/apfs-fuse
- Hayabusa
- https://github.com/Yamato-Security/hayabusa
- Takajo (analyzer for Hayabusa results)
- https://github.com/Yamato-Security/takajo
Non-Free Resources
Courses
- SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/
- SANS SEC555: SIEM with Tactical Analytics
- https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/
- SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/