Releases: andranglin/Cerberus

Cerberus v1.0 - Initial Release

08 Jan 07:31
cd3998c

Cerberus v1.0 - Initial Public Release

Cerberus is a modular, agent-less forensic triage framework designed for Incident Response teams. It orchestrates proven open-source tools to enable rapid live response and artifact collection on Windows systems with a minimal footprint.

Key Features:

  • Platform support: Windows (PowerShell)
  • Windows artifact collection via Volume Shadow Copy Service (VSS) to bypass file locks
  • Integrated parsing with Eric Zimmerman's EZTools (Amcache, Shimcache, Registry → CSV)
  • Browser forensics for Chrome, Edge, and Brave using Hindsight
  • Remote memory acquisition with DumpIt or Magnet RAM Capture (Microsoft)
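The VSS collection technique named above, shown as an added example (not Cerberus's own code): a live hive such as Amcache.hve is held open by the running system, so it is copied from a snapshot of the volume instead. The C: volume, the default Amcache path, and the output and link paths are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: copy a locked artifact out of a Volume Shadow Copy snapshot.
$Volume  = 'C:\'
$HiveDir = 'Windows\AppCompat\Programs'   # default Amcache location (assumed)
$OutDir  = 'C:\Triage\Amcache'            # hypothetical evidence folder
$Link    = 'C:\vss_triage'                # hypothetical temporary link to the snapshot

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Create a client-accessible snapshot of the volume.
$r = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
        -Arguments @{ Volume = $Volume; Context = 'ClientAccessible' }
if ($r.ReturnValue -ne 0) { throw "Shadow copy creation failed, code $($r.ReturnValue)" }
$shadow = Get-CimInstance -ClassName Win32_ShadowCopy -Filter "ID='$($r.ShadowID)'"

try {
    # Expose the snapshot device as a directory; the trailing backslash is required.
    cmd /c mklink /d $Link "$($shadow.DeviceObject)\" | Out-Null

    # Take the hive together with its transaction logs (.LOG1/.LOG2, hidden files),
    # which a parser needs in order to replay a dirty hive.
    $log = Get-ChildItem -LiteralPath (Join-Path $Link $HiveDir) -Filter 'Amcache.hve*' -Force |
        ForEach-Object {
            $dst = Join-Path $OutDir $_.Name
            Copy-Item -LiteralPath $_.FullName -Destination $dst
            [pscustomobject]@{
                Artifact     = $dst
                SHA256       = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
                SnapshotTime = $shadow.InstallDate
            }
        }

    # Keep a hash record of everything collected.
    $log | Export-Csv -Path (Join-Path $OutDir 'collection_log.csv') -NoTypeInformation
}
finally {
    # Remove the link (not its target) and delete the snapshot to keep the footprint small.
    if (Test-Path -LiteralPath $Link) { cmd /c rmdir $Link }
    $shadow | Remove-CimInstance
}
```

The collected files reflect the volume at SnapshotTime, not at copy time, so record that timestamp with the evidence.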

Core Modules:

  • Invoke-WinArtifacts
  • Supporting modules for memory capture, browser parsing, and EZTools integration

Setup:

  1. Clone the repository
  2. Unblock PowerShell scripts: Unblock-File -Path *.ps1
  3. Run ./Initialize-Cerberus.ps1 to create the support Tools folder and subfolders
  4. Download and place required external tools (EZTools, DumpIt, Magnet RAM Capture, Hindsight) in the Tools/ directory
  5. Run ./Cerberus_Console.ps1 to launch

Part of the RootGuard ecosystem. Full documentation available at: https://rootguard.gitbook.io/cyberops

MIT licensed • Use responsibly in authorised environments only.