cristianzsh

Triage automation tool

Found Feb 17, 2026 at 17 stars
Python
AI Summary

Triager is an automation tool that processes Windows computer evidence collections to extract and organize forensic clues for faster incident investigations.

How It Works

1. 🔍 Discover Triager

You hear about Triager while searching for simple ways to investigate suspicious computer activity from a security alert.

2. 📦 Gather Evidence

Collect files from the affected computer, like logs and system records, into one folder or zip file.

3. 🚀 Run Triager

Tell Triager where your evidence folder is and pick a spot to save the organized results.

4. ✨ Magic Happens

Triager quietly sorts through everything, pulling out timelines, program runs, and security clues into easy-to-read lists.

5. 🔎 Search Clues

Quickly search the results for names of suspicious programs or activities you suspect.

6. 🛡️ Check Bad Indicators

Scan results against lists of known troublemakers to spot matches instantly.

7. 🤖 AI Summary

Generate a smart report that summarizes findings, timelines, and next steps in plain English.

✅ Investigation Ready

You now have a clear picture of what happened, ready to share or act on without hours of manual digging.

AI-Generated Review

What is triager?

Triager is a Python triage automation tool that processes Windows forensic collections from KAPE or Velociraptor, parsing artifacts like event logs, prefetch, Amcache, registry hives, and SRUM into normalized CSV outputs. It orchestrates external tools for evidence extraction and organizes results into an investigation-ready folder structure, complete with CLI search across findings, IOC scans from text files, and optional AI-generated forensic reports via OpenAI. Developers get a streamlined workflow to skip manual tool chaining and heterogeneous parsing.

Why is it gaining traction?

Unlike standalone parsers, triager enforces consistent outputs for faster correlation and pivoting, with built-in search (for example, "PsExec" queries) and IOC hunting that spans all artifacts. The config-driven setup adapts to custom triage paths, and standalone Linux/Windows builds via a simple script make it portable without Python hassles. AI report summaries add quick executive insights without leaking data.

Who should use this?

DFIR analysts triaging Windows incidents with KAPE/Velociraptor outputs, SOC responders automating event log and execution artifact hunts, forensic examiners needing unified CSV from heterogeneous tools.

Verdict

Solid niche triage automation tool at 17 stars and 1.0% credibility score: early but functional, with a good README and config examples. Pair it with your toolchain if you handle Windows triage regularly; tweak external tool paths and test on samples first.
