Useful PowerShell scripts
BestPracites_Windows_Check.ps1 - checks PowerShell Module Logging, Script Block Logging, Transcription Logging, Windows Credential Guard and UAC.
Powershell_logging_check.ps1 - collects suspicious logs (event IDs 4103 and 4104) with code blocks, together with the PowerShell history, and packs them into powerShell_logs.txt.
The Powershell_logging_check.ps1 script can help find malicious activity:
SecureBoot_checker.ps1 - checks your Secure Boot policies to prevent bootkits/rootkits from running.
Before using this script, you must install the PowerForensics PowerShell module.
RecycleBin_File_Recovery.ps1 - recovers recently deleted files with different extensions and sizes (up to ~4GB!); works for both resident and non-resident files.
WindowsEvtxAndPrefetchFileRecovery.ps1 - helps investigators recover deleted Prefetch and Evtx files. The script gathers information about the deleted files from $mft and rebuilds them.
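
The settings that BestPracites_Windows_Check.ps1 and SecureBoot_checker.ps1 are described as checking can be read with built-in cmdlets. The following is an added example, not code from those scripts: it assumes the PowerShell logging settings are configured through the Group Policy registry keys, and the helper name Get-PolicyValue is hypothetical.

```powershell
# Added example: read-only audit of the hardening settings named above.
# Run from an elevated prompt; nothing is modified.

function Get-PolicyValue {   # hypothetical helper, not part of the listed scripts
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Format-State($Value) { if ($Value -eq 1) { 'Enabled' } else { 'Not enabled' } }

$psPolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$uacPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$report = [ordered]@{
    # Module logging (event 4103) also needs module names listed under ...\ModuleLogging\ModuleNames
    'Module Logging'       = Format-State (Get-PolicyValue "$psPolicy\ModuleLogging" 'EnableModuleLogging')
    # Script block logging produces event 4104
    'Script Block Logging' = Format-State (Get-PolicyValue "$psPolicy\ScriptBlockLogging" 'EnableScriptBlockLogging')
    'Transcription'        = Format-State (Get-PolicyValue "$psPolicy\Transcription" 'EnableTranscripting')
    'UAC (EnableLUA)'      = Format-State (Get-PolicyValue $uacPolicy 'EnableLUA')
}

# Credential Guard: SecurityServicesRunning contains 1 while it is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$report['Credential Guard'] = if ($dg -and ($dg.SecurityServicesRunning -contains 1)) { 'Running' }
                              else { 'Not running' }

# Secure Boot: the cmdlet throws on legacy BIOS systems and when not elevated,
# so "unsupported" and "could not be determined" are reported separately.
$report['Secure Boot'] = try {
    if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
} catch [System.PlatformNotSupportedException] {
    'Not supported (legacy BIOS)'
} catch {
    'Unknown (run elevated)'
}

$report.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Setting = $_.Key; State = $_.Value } } |
    Format-Table -AutoSize
```

A value reported as "Not enabled" for the logging settings means the policy key is absent or set to 0, in which case events 4103 and 4104 may not be available for later collection.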