ashemery / WindowsDFIR

Licence: other
Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

Projects that are alternatives of or similar to WindowsDFIR

Thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Stars: ✭ 2,300 (+4409.8%)
Mutual labels:  dfir, investigations
Windows11-Optimization
Community repository, to improve security and performance of Windows 10 and windows 11 with tweaks, commands, scripts, registry keys, configuration, tutorials and more
Stars: ✭ 17 (-66.67%)
Mutual labels:  scripts, cmd
sixarm unix shell scripts
SixArm.com » Unix » shell scripts for command line programs in sh, bash, etc.
Stars: ✭ 49 (-3.92%)
Mutual labels:  scripts
fastfinder
Incident Response - Fast suspicious file finder
Stars: ✭ 116 (+127.45%)
Mutual labels:  dfir
dotfiles
Dotfiles repo
Stars: ✭ 12 (-76.47%)
Mutual labels:  scripts
ttdl
TTDL - Terminal Todo List Manager
Stars: ✭ 91 (+78.43%)
Mutual labels:  cmd
game-modes
Maniaplanet scripts and resources
Stars: ✭ 24 (-52.94%)
Mutual labels:  scripts
calamity
A script to assist in processing forensic RAM captures for malware triage
Stars: ✭ 24 (-52.94%)
Mutual labels:  dfir
reconness-agents
Reconness Agents Script
Stars: ✭ 25 (-50.98%)
Mutual labels:  scripts
ir scripts
incident response scripts
Stars: ✭ 17 (-66.67%)
Mutual labels:  dfir
IRScripts
Incident Response Scripts
Stars: ✭ 29 (-43.14%)
Mutual labels:  dfir
artifactcollector
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Stars: ✭ 140 (+174.51%)
Mutual labels:  dfir
CASE
Cyber-investigation Analysis Standard Expression (CASE) Ontology
Stars: ✭ 46 (-9.8%)
Mutual labels:  investigations
bin
another scripts repo
Stars: ✭ 18 (-64.71%)
Mutual labels:  scripts
truehunter
Truehunter
Stars: ✭ 30 (-41.18%)
Mutual labels:  dfir
EFT Flea Market Bot
Escape from Tarkov Flea Market bot, to generate a lot of in-game currency within shortest time, while not even having to actively play the game!
Stars: ✭ 22 (-56.86%)
Mutual labels:  cmd
DFIRRegex
A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (-35.29%)
Mutual labels:  dfir
PowerShell
Mega collection of 250+ useful cross-platform PowerShell scripts.
Stars: ✭ 274 (+437.25%)
Mutual labels:  scripts
decwindbx
A sort of a toolkit to decrypt Dropbox Windows DBX files
Stars: ✭ 22 (-56.86%)
Mutual labels:  dfir
dotfiles
Dotfiles for my NixOS system based on Dracula theme
Stars: ✭ 39 (-23.53%)
Mutual labels:  scripts

Windows DFIR

Timestamps in UTC

Get-ChildItem <PATH> -Force | Select-Object FullName, CreationTimeUTC, LastAccessTimeUTC, LastWriteTimeUTC

Timestamps in local time

Get-ChildItem <PATH> -Force | Select-Object FullName, CreationTime, LastAccessTime, LastWriteTime

Hash Values (MD5, SHA1, and SHA256)

Get-FileHash <PATH> -Algorithm MD5 | Format-List

Get-FileHash <PATH> -Algorithm SHA1 | Format-List

Get-FileHash <PATH> -Algorithm SHA256 | Format-List
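The timestamp and hash one-liners above are usually needed together for a whole directory. The following is an added example, not code from the WindowsDFIR repository; the function name, its parameters and the sample paths are assumptions.

```powershell
# Added example (not from the WindowsDFIR repository): one record per file with
# UTC timestamps and MD5/SHA1/SHA256 hashes, suitable for Export-Csv.
# Function name, parameters and sample paths are assumptions.
function Get-FileTriageRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse,
        [string[]] $Algorithm = @('MD5', 'SHA1', 'SHA256')
    )
    # -Force includes hidden and system files, as in the one-liners above.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ISO 8601 round-trip format ('o') keeps the UTC offset unambiguous in the CSV.
            $record = [ordered]@{
                FullName          = $file.FullName
                Length            = $file.Length
                CreationTimeUtc   = $file.CreationTimeUtc.ToString('o')
                LastAccessTimeUtc = $file.LastAccessTimeUtc.ToString('o')
                LastWriteTimeUtc  = $file.LastWriteTimeUtc.ToString('o')
            }
            foreach ($alg in $Algorithm) {
                try {
                    # Locked or unreadable files throw; keep the row and record the error.
                    $record[$alg] = (Get-FileHash -LiteralPath $file.FullName -Algorithm $alg -ErrorAction Stop).Hash
                } catch {
                    $record[$alg] = "ERROR: $($_.Exception.Message)"
                }
            }
            [pscustomobject]$record
        }
}

# Usage: write the listing to an evidence drive (paths are assumptions).
Get-FileTriageRecord -Path 'C:\Users\Public' -Recurse |
    Export-Csv -NoTypeInformation -Encoding UTF8 -Path 'E:\Triage\Public_files.csv'
```

Reading a file to hash it can update its LastAccessTime if last-access updates are enabled on the volume, so collect the timestamps before hashing, as the function does.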

Find location of an executable in PATH (similar to which on Linux systems). In cmd.exe this is where; in PowerShell use where.exe, because where is an alias of Where-Object.

where executablename

Merge two CSV files

Get-Content LNK_User1.csv, LNK_User2.csv | Select-Object -Unique | Set-Content -Encoding ASCII LNK_Users.csv

Create Symbolic Links to Multiple files. Useful to process files that reside in Known Folders

  • Check the file "createSymLinks.ps1" and where it was found.
  • More info about Known Folders: URL

Workshops

  • BSides Amman 2021, all files here: URL