A curated toolkit of tools and playbooks for digital forensics, threat hunting, and blue team operations.
- Volatility – Memory forensics framework.
- Cyber Triage – Incident response and triage tool.
- Velociraptor – Endpoint visibility and digital forensics platform.
- UAC (Linux Artifact Collector) – Collects forensic artifacts on Linux systems.
- THOR – Full-featured scanner for forensic artifacts and IOC detection.
- Velociraptor – Also useful for live threat hunting.
Clone this repository:

```shell
git clone https://github.com/EhsanCreator/purple-toolkit.git
cd purple-toolkit
```

Follow the instructions below for your platform to set up the tools.

On Linux:

```shell
cd scripts
chmod +x install.sh
./install.sh
```

Installs Python, Git, Volatility3, Velociraptor, and UAC. THOR is commercial and must be downloaded manually.

On Windows:

```powershell
# Open PowerShell as Administrator
cd path\to\purple-toolkit\scripts
.\install.ps1
```

Installs Python, Git, Velociraptor, and Volatility3. THOR must be downloaded manually. UAC is Linux-only.
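Once the Linux installer has run, it is worth confirming that the tools it is described as providing are actually on PATH before working through the playbooks. The script below is an added example and is not part of the purple-toolkit repository; the command names it looks for (`python3`, `git`, `vol` for the Volatility 3 CLI, `velociraptor`, and `uac.sh` for UAC's entry point) are assumptions, since the page does not state them. THOR is commercial and is deliberately not checked.

```shell
#!/bin/sh
# Post-install sanity check for the tools scripts/install.sh is described as
# setting up. Added example, not a script from purple-toolkit. The command
# names below are assumptions; adjust them to match your installation.

# missing_count NAME...  prints the number of NAMEs not found on PATH and
# reports each tool's status on stderr, so the count stays machine-readable.
missing_count() {
  missing=0
  for tool in "$@"; do
    if path=$(command -v "$tool" 2>/dev/null); then
      printf 'found    %-12s %s\n' "$tool" "$path" >&2
    else
      printf 'MISSING  %s\n' "$tool" >&2
      missing=$((missing + 1))
    fi
  done
  echo "$missing"
}

# version_of NAME prints the first line of NAME --version, or "unknown" when
# the tool prints nothing or does not support the flag.
version_of() {
  v=$("$1" --version 2>/dev/null | head -n 1)
  if [ -n "$v" ]; then echo "$v"; else echo unknown; fi
}

# The set the Linux installer is documented to provide (assumed command names).
EXPECTED="python3 git vol velociraptor uac.sh"
n=$(missing_count $EXPECTED)
for tool in $EXPECTED; do
  if command -v "$tool" >/dev/null 2>&1; then
    printf '%s: %s\n' "$tool" "$(version_of "$tool")"
  fi
done
if [ "$n" -eq 0 ]; then
  echo "all expected tools present"
else
  echo "$n tool(s) missing: run scripts/install.sh or install them manually" >&2
fi
```

Run it from any directory after the installer finishes; a non-zero count on the last line tells you which playbooks cannot yet be followed on this host.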
- docs/playbooks/ – Step-by-step playbooks for memory forensics, log analysis, and endpoint investigation.
- docs/case-studies/ – Example forensic cases demonstrating toolkit usage.
- examples/ – Sample memory dumps, logs, and reports.
- scripts/ – Installation scripts for Linux and Windows.
- tools/ – Configuration files, rules, or helpers for your tools.
Contributions are welcome!
- Fork the repository
- Create a feature branch (`git checkout -b feature/your-feature`)
- Make your changes
- Commit (`git commit -m "Add feature"`)
- Push (`git push origin feature/your-feature`)
- Open a Pull Request