Free Resources

Curated Lists

Guides and FAQ

NIST Computer Security Incident Handling Guide (800-61r2)
- https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Forms and Templates

Security Policy Templates
- https://www.sans.org/information-security-policy/?per-page=100

Reference Materials and Cheat Sheets

Jai Minton's DFIR Cheat Sheet
- https://www.jaiminton.com/cheatsheet/DFIR/#persistence-and-automatic-loadrun-reg-keys
CISA Incident Response Series
- https://www.youtube.com/playlist?list=PL-BF3N9rHBLJaSbTRPyWYj56f0m2uDQD7
s0cm0nkeys Security Reference Guide
- https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/

Live Forensics Tools

Google Rapid Response (GRR)
- https://github.com/google/grr
Meerkat
- https://github.com/TonyPhipps/Meerkat

Offline Forensics Tools

log2timeline & Plaso
Timesketch
- http://timesketch.org/
- https://github.com/google/timesketch
Autopsy
- https://www.autopsy.com/
Timeline Explorer
- https://ericzimmerman.github.io/#!index.md
apfs-fuse
- https://github.com/sgan81/apfs-fuse
Hayabusa
- https://github.com/Yamato-Security/hayabusa
Takanjo
- https://github.com/Yamato-Security/takajo

Non-Free Resources

Courses

SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/
SANS SEC555: SIEM with Tactical Analytics
- https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/
SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/