diff --git a/DFIR-O365RC/Get-AADApps.ps1 b/DFIR-O365RC/Get-AADApps.ps1
index 30fba86..0efed40 100755
--- a/DFIR-O365RC/Get-AADApps.ps1
+++ b/DFIR-O365RC/Get-AADApps.ps1
@@ -50,6 +50,8 @@
 "Getting all service principals" | Write-Log -LogPath $logfile
 $uriSP = "https://graph.microsoft.com/v1.0/servicePrincipals/"
 $ALLServicePrincipals = Get-RestAPIResponse -RESTAPIService "MSGraph" -uri $uriSP -logfile $logfile -app $app -user $user
+ $sp_outputfile = $foldertoprocess + "\AADApps_" + $tenant + "_service_principals_raw.json"
+ $ALLServicePrincipals | ConvertTo-Json -Depth 99 | out-file $sp_outputfile -encoding UTF8
 $EnrichedSPEvents = @()
 $UniqServicePrincipals = $SPEvents | Select-Object -ExpandProperty targetResources | Group-Object -Property id
@@ -145,6 +147,9 @@
 #merge existing and deleted Apps
 $ALLApps += $DelApps
+ $apps_outputfile = $foldertoprocess + "\AADApps_" + $tenant + "_applications_raw.json"
+ $ALLApps | ConvertTo-Json -Depth 99 | out-file $apps_outputfile -encoding UTF8
+
 $EnrichedAppEvents = @()
 $UniqApps = $AppEvents| Select-Object -ExpandProperty targetResources | Group-Object -Property id
 #Loop through Apps present in activity logs
diff --git a/DFIR-O365RC/Search-O365.ps1 b/DFIR-O365RC/Search-O365.ps1
index 39f3493..51223c8 100644
--- a/DFIR-O365RC/Search-O365.ps1
+++ b/DFIR-O365RC/Search-O365.ps1
@@ -1,4 +1,4 @@
-Function Search-O365 {
+Function Search-O365 {
 <#
 .SYNOPSIS
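Review bot: Piping `$ALLServicePrincipals` into ConvertTo-Json unrolls the collection, so a tenant with exactly one service principal gets a bare JSON object in the raw file rather than a one-element array, and an empty result leaves an empty file; any later parse of the `_service_principals_raw.json` export as an array would then fail on those tenants. `ConvertTo-Json -InputObject $ALLServicePrincipals -Depth 99 | Out-File $sp_outputfile -Encoding UTF8` keeps the shape stable, and the same applies to the `$ALLApps` dump in the second hunk of this file. That second dump runs after `$ALLApps += $DelApps`, so a comment such as `# raw export includes the deleted applications merged above` would stop a reader from taking it for a live-only listing. Note too that under Windows PowerShell 5.1 `Out-File -Encoding UTF8` prepends a BOM, which strict JSON parsers may reject; the enclosing function starts outside the hunk.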
@@ -79,10 +79,11 @@ Function Search-O365 {
 $sessionName = "EXO_" + [guid]::NewGuid().ToString()
 $tenant = ($token.Account.UserName).split("@")[1]
 $outputdate = "{0:yyyy-MM-dd}" -f ($datetoprocess)
+ $actualdate = $(get-date -f yyyy-MM-dd-hh-mm-ss)
 $foldertoprocess = $unifiedauditfolder + "\" + $datetoprocess
 if ((Test-Path $foldertoprocess) -eq $false){New-Item $foldertoprocess -Type Directory}
- $outputfile = $foldertoprocess + "\UnifiedAuditLog_" + $tenant + "_" + $outputdate + "_" + $requesttype + ".json"
+ $outputfile = $foldertoprocess + "\UnifiedAuditLog_" + $tenant + "_" + $outputdate + "_" + $requesttype + "_" + $actualdate + ".json"
 $commandNames = "Search-UnifiedAuditLog","Search-MailboxAuditLog"
 Connect-EXOPsearchUnified -token $token -sessionName $sessionName -logfile $logfile -commandNames $commandNames
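Review bot: The new `$actualdate` line formats the time with `hh`, the 12-hour clock with no AM/PM designator, so two collections twelve hours apart produce the same suffix and the later `$outputfile` silently replaces the earlier export, which is exactly what the added timestamp was meant to prevent. Use `$actualdate = Get-Date -Format 'yyyy-MM-dd-HH-mm-ss'` (24-hour `HH`); the `$( )` wrapper around Get-Date is also redundant. Since this suffix is what keeps audit-log evidence files from overwriting each other, a comment above it such as `# per-run timestamp so repeated collections for the same day keep earlier output` would make the intent explicit. Search-O365's body continues outside the hunk.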