This repository implements a check on System32 executable files to detect backdoors introduced by renamed files
Updated Dec 21, 2023 - PowerShell
Windows network host hunting at scale!
This PowerShell script checks and gathers information about startup items on a Windows system. It retrieves details such as file hashes and additional file metadata for executable files configured to run at system startup.
PowerShell script to show only recently modified autorun entries from a CSV export
A PowerShell tool that automates remote forensic evidence acquisition (triage) from remote Windows machines, using the KAPE tool.
A tool to do forensics of Office documents
A PowerShell wrapper for SDelete
Scripts created to monitor Tier 0 accounts and investigate account attributes
Useful documents and utilities used in the incident handling process to identify, contain and eradicate those who were illegally inside
Use Svendsen Tech's Search-ForLife PowerShell code in an attempt to detect if a server is in use, as part of server lifecycle management/removal/investigation of unknown servers, etc.
Windows Anti-Forensics Script (WAFS) hardens your Windows OS against forensic analysis.
Scripts automating computer forensics for Windows and Linux
This script is inelegant but straightforward and identifies downloaded files and the URL from which each file was downloaded (if the ADS Zone.Identifier is available) in the System32 directory. Additionally, it identifies .iso and .img files in the user's Downloads directory. This is intended for Incident Responders, SOC Analysts, and Threat Rese…
A forensic script to remotely obtain information from a target machine.