dfir
Here are 63 public repositories matching this topic...
PowerShell module for creating and managing Sysinternals Sysmon config files. - Updated Jan 14, 2018 - PowerShell
Rex-ing indicators out of unstructured text (like an e-mail). - Updated Jan 23, 2024 - PowerShell
A PowerShell script for remotely disabling active Windows 10/2016 device network interfaces. - Updated Apr 18, 2019 - PowerShell
PowerShell script to conduct a recursive hash verification of E01/S01 images in a folder using the Windows FTK Imager command-line interface tool. - Updated Nov 7, 2020 - PowerShell
This script allows incident responders to scope specific indicators of compromise. - Updated Oct 15, 2019 - PowerShell
Manage Loki scans over a large network. - Updated Dec 9, 2020 - PowerShell
Updated May 11, 2021 - PowerShell
Windows network host hunting at scale! - Updated May 23, 2024 - PowerShell
Parses and analyses authentication events in the Windows Event Log. - Updated Jan 15, 2024 - PowerShell
Trial-and-error creation of PowerShell scripts to help with IR. - Updated Sep 29, 2019 - PowerShell
A fork of @evild3ad's Get-UsnJrnlInfo PowerShell script, with very minor changes for use as a KAPE module. Gathers information from an extracted $Max file. - Updated Sep 4, 2023 - PowerShell
Small incident response PowerShell script that collects various data from the system. Good alternative to run on a system while waiting for an approved AV scan (or instead of a scan). - Updated Aug 19, 2020 - PowerShell
This tool simplifies the process of extracting and inspecting users' CLSID registry values. Easily identify potential threats and malicious activity, such as examining the CLSIDs of COM objects for compromise or replacement by malware. - Updated Sep 23, 2023 - PowerShell
File Watcher - PowerShell-based file activity monitoring tool. - Updated Oct 20, 2021 - PowerShell
PowerShell collection designed to assist in threat hunting on Windows systems. - Updated Jan 14, 2018 - PowerShell
PowerShell tool that helps to parse and analyze Ivanti Secure Connect logs. It can help in forensic investigations by giving more visibility and a more detailed view of the "vc0" logs. - Updated Mar 13, 2024 - PowerShell
A PowerShell script that can be used to parse and convert to CSV the new Windows 11 artifacts found in C:\Windows\appcompat\pca. - Updated Jul 3, 2023 - PowerShell