A combination of tools and scripts for Incident Responders & Forensic Teams.
Forensics directory (tree/main/Forensics):
Script that collects local Windows data for forensic triage. It gathers scheduled tasks, running processes, installed applications, running services, auto-start applications, auto-start registry keys, local accounts and groups, network connections, firewall settings, SMB shares and sessions, the Windows Security, System, Application, Setup and TerminalServices event logs, and files modified within a recent window (the last 1 day by default).
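The following is an added example of such a collection script, written for this page rather than taken from the repository. It writes each data set to its own CSV file in a timestamped folder and hashes every output file so the collection can be verified later. It assumes Windows PowerShell 5.1 or later with the built-in modules (ScheduledTasks, NetTCPIP, NetSecurity, SmbShare, Microsoft.PowerShell.LocalAccounts), an elevated session, that the -Days window (1 by default) applies to both the event-log query and the modified-file search, and that the file search is limited to the -Paths list rather than the whole drive; those parameter names and defaults are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example (not the repository's script): triage collection of local Windows artefacts.
param(
    [int]$Days = 1,                                         # assumed default, matches the 1-day window above
    [string]$OutRoot = "$env:SystemDrive\IR",               # assumed output root
    [string[]]$Paths = @("$env:SystemDrive\Users", "$env:windir\Temp", "$env:ProgramData")  # assumed search scope
)

$since  = (Get-Date).AddDays(-$Days)
$outDir = Join-Path $OutRoot ("{0}_{1:yyyyMMdd_HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Runs one collector, writes its rows to <name>.csv, and never aborts the whole run
# on a single failure (a missing module or denied query is recorded in errors.log instead).
function Save-Artifact {
    param([string]$Name, [scriptblock]$Collector)
    try {
        $rows = @(& $Collector)
        if ($rows.Count -gt 0) {
            $rows | Export-Csv -Path (Join-Path $outDir "$Name.csv") -NoTypeInformation -Encoding UTF8
        } else {
            'no records' | Set-Content -Path (Join-Path $outDir "$Name.txt")
        }
        Write-Host ('[+] {0}: {1} record(s)' -f $Name, $rows.Count)
    } catch {
        "$Name failed: $($_.Exception.Message)" | Add-Content -Path (Join-Path $outDir 'errors.log')
    }
}

# Run/RunOnce keys flattened to one row per value (the PS* provider properties are noise).
function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

Save-Artifact 'scheduled_tasks' { Get-ScheduledTask | Select-Object TaskPath, TaskName, State,
    @{n='Actions'; e={ ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' }} }
Save-Artifact 'processes' { Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate }
Save-Artifact 'installed_apps' { Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object DisplayName | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate }
Save-Artifact 'services'  { Get-CimInstance Win32_Service | Select-Object Name, DisplayName, State, StartMode, StartName, PathName }
Save-Artifact 'autostart' { Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User }
Save-Artifact 'run_keys'  { Get-RunKeyEntries }
Save-Artifact 'local_users' { Get-LocalUser | Select-Object Name, Enabled, SID, LastLogon, PasswordLastSet }
Save-Artifact 'local_group_members' { Get-LocalGroup | ForEach-Object { $g = $_
    Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
        Select-Object @{n='Group'; e={ $g.Name }}, Name, ObjectClass, PrincipalSource } }
Save-Artifact 'tcp_connections' { Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, CreationTime }
Save-Artifact 'firewall_profiles' { Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogFileName }
Save-Artifact 'firewall_rules_enabled' { Get-NetFirewallRule | Where-Object Enabled -eq 'True' |
    Select-Object DisplayName, Direction, Action, Profile }
Save-Artifact 'smb_shares'   { Get-SmbShare | Select-Object Name, Path, Description }
Save-Artifact 'smb_sessions' { Get-SmbSession | Select-Object ClientComputerName, ClientUserName, NumOpens, SecondsIdle }

# Event logs, limited to the same window as the file search so the Security log stays manageable.
$logs = 'Security', 'System', 'Application', 'Setup',
        'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational',
        'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
foreach ($log in $logs) {
    $name = 'evt_' + ($log -replace '[^A-Za-z0-9]', '_')
    Save-Artifact $name { Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message }
}

Save-Artifact 'recent_files' { Get-ChildItem -Path $Paths -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    Select-Object FullName, Length, CreationTime, LastWriteTime, LastAccessTime }

# Integrity manifest: SHA-256 of every file produced, written last so it covers all of them.
Get-ChildItem -Path $outDir -File | Get-FileHash -Algorithm SHA256 |
    Select-Object @{n='File'; e={ Split-Path $_.Path -Leaf }}, Hash |
    Export-Csv -Path (Join-Path $outDir 'manifest_sha256.csv') -NoTypeInformation
Write-Host "[+] Collection written to $outDir"
```

Run it as `.\Collect-Triage.ps1 -Days 3 -OutRoot D:\Evidence` to widen the window and send output to removable media; the manifest is written after every other file so a later `Get-FileHash` over the folder can be compared against it to show the collection has not been altered.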
Script that enables Microsoft Defender for Endpoint Attack Surface Reduction rules in Audit mode, so rule hits are logged without being blocked.
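As an added example (not the repository's script), the following puts a set of Attack Surface Reduction rules into Audit mode with the built-in Defender cmdlets, reads the configuration back, and lists any audit hits already logged. It assumes an elevated session with the Defender PowerShell module present; the rule GUIDs are the public identifiers from Microsoft's ASR rule reference as the author recalls them, so check them against the current documented list before relying on them.

```powershell
#Requires -RunAsAdministrator
# Added example (not the repository's script): enable ASR rules in Audit mode and verify.

# Rule name -> GUID, taken from Microsoft's published ASR rule list (verify against current docs).
$rules = [ordered]@{
    'Block all Office applications from creating child processes'              = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    'Block Office applications from creating executable content'               = '3B576869-A4EC-4529-8536-B80A7769E899'
    'Block Office applications from injecting code into other processes'       = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
    'Block executable content from email client and webmail'                   = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
    'Block JavaScript or VBScript from launching downloaded executable content' = 'D3E037E1-3EB8-44C8-A917-57927947596D'
    'Block execution of potentially obfuscated scripts'                         = '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
    'Block Win32 API calls from Office macros'                                  = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
}

# Add-MpPreference appends to the existing rule list, so rules configured elsewhere are kept;
# Set-MpPreference would replace the whole list. Valid actions: Disabled, Enabled, AuditMode, Warn.
foreach ($entry in $rules.GetEnumerator()) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $entry.Value -AttackSurfaceReductionRules_Actions AuditMode
    Write-Host "[audit] $($entry.Key)"
}

# Reads the effective configuration back and maps the numeric action codes to names.
function Get-AsrRuleState {
    $pref    = Get-MpPreference
    $names   = @{}
    foreach ($e in $rules.GetEnumerator()) { $names[$e.Value.ToUpper()] = $e.Key }
    $actions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id   = $pref.AttackSurfaceReductionRules_Ids[$i]
        $code = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        $rule = if ($names.ContainsKey($id.ToUpper())) { $names[$id.ToUpper()] } else { '(not in this list)' }
        $mode = if ($actions.ContainsKey($code)) { $actions[$code] } else { "code $code" }
        [pscustomobject]@{ RuleId = $id; Rule = $rule; Action = $mode }
    }
}
Get-AsrRuleState | Format-Table -AutoSize

# Audit-mode hits are logged as event ID 1122 in the Defender operational log (1121 is the block-mode
# equivalent); reviewing these before switching to Block is how false positives are found.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1122; StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message | Format-List
```

The verification step matters because `Add-MpPreference` returns nothing on success; reading `Get-MpPreference` back is the only local confirmation that the IDs and actions line up, and the 1122 events are what the audit period is meant to produce before any rule is moved to Block.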