PwC-IR/MIA-MailItemsAccessed- external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PwC-IR/MIA-MailItemsAccessed-

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PwC-IR/MIA-MailItemsAccessed-)

Close

PwC-IR / MIA-MailItemsAccessed-View on GitHubMore

• External links
• Readme badge

Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features from the Office 365 Audit Log.

☆41Oct 20, 2020Updated 5 years ago

Alternatives and similar repositories for MIA-MailItemsAccessed-

Users that are interested in MIA-MailItemsAccessed- are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• PwC-IR / Office-365-Extractor

  View on GitHub
  The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
  ☆268Feb 3, 2022Updated 4 years ago
• jdifeder / exabeam-enhancement-suite

  View on GitHub
  ☆11Feb 9, 2023Updated 3 years ago
• PwC-IR / Business-Email-Compromise-Guide

  View on GitHub
  The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Of…
  ☆279Feb 2, 2021Updated 5 years ago
• jschicht / MftCarver

  View on GitHub
  Carve $MFT records from a chunk of data (for instance a memory dump)
  ☆16Aug 21, 2016Updated 9 years ago
• msdirtbag / mde

  View on GitHub
  Defender for Endpoint
  ☆18Mar 11, 2024Updated 2 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• JoeyRentenaar / Office-365-Extractor

  View on GitHub
  The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
  ☆160Mar 27, 2023Updated 3 years ago
• SpyderForensics / SQLite_Forensics

  View on GitHub
  A series of python scripts to extract information from SQLite Data Files
  ☆21Nov 15, 2025Updated 4 months ago
• SecurityAura / Aura-Research

  View on GitHub
  Repo that hold write-ups of various research projects I did and/or overall InfoSec things I investigated/researched.
  ☆22Jan 5, 2025Updated last year
• bromiley / olaf

  View on GitHub
  Office365 Log Analysis Framework
  ☆81Jun 6, 2019Updated 6 years ago
• T0pCyber / hawk

  View on GitHub
  Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
  ☆930Mar 9, 2026Updated 3 weeks ago
• DCScoder / ESXiTri

  View on GitHub
  ESXi Cyber Security Incident Response Script
  ☆25Sep 4, 2024Updated last year
• yahoo / winjob

  View on GitHub
  Parser for Windows Scheduled Task files.
  ☆13Apr 26, 2023Updated 2 years ago
• invictus-ir / ALFA

  View on GitHub
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆174Mar 2, 2026Updated 3 weeks ago
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• SigmaHQ / pySigma-backend-insightidr

  View on GitHub
  ☆16Aug 29, 2025Updated 7 months ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• olafhartong / TA-Sysmon-deploy

  View on GitHub
  Deploy and maintain Symon through the Splunk Deployment Sever
  ☆32Jul 30, 2020Updated 5 years ago
• randomaccess3 / detections

  View on GitHub
  ☆48Mar 16, 2026Updated last week
• WiredPulse / Anydesk_Forensics

  View on GitHub
  ☆14Jun 7, 2023Updated 2 years ago
• WithSecureLabs / iocs

  View on GitHub
  ☆18Jan 22, 2026Updated 2 months ago
• invictus-ir / Microsoft-Extractor-Suite

  View on GitHub
  A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
  ☆776Mar 3, 2026Updated 3 weeks ago
• cado-security / MalwareAnalysis

  View on GitHub
  MalwareAnalysis
  ☆12Dec 19, 2020Updated 5 years ago
• alwashmi / MasterParser

  View on GitHub
  MasterParser is a simple, all-in-one, digital forensics artifact parser
  ☆24Jul 9, 2021Updated 4 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• brimorlabs / KStrike

  View on GitHub
  Stand-alone parser for User Access Logging from Server 2012 and newer systems
  ☆79Jan 9, 2024Updated 2 years ago
• SigmaHQ / pySigma-backend-crowdstrike

  View on GitHub
  SigmaHQ pySigma CrowdStrike processing pipeline
  ☆29Nov 30, 2025Updated 4 months ago
• jafarspalace / Crowdstrike-Falcon-Scripts

  View on GitHub
  Powershell Scripts to work on Crowdstrike Falcon that pull back raw data relevant to forensic investigation
  ☆23Dec 18, 2024Updated last year
• msp4msps / Security

  View on GitHub
  ☆19Apr 16, 2021Updated 4 years ago
• rod-trent / KQL-for-Everything

  View on GitHub
  KQL example queries for working in Azure
  ☆36Dec 1, 2025Updated 3 months ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• syne0 / osprey

  View on GitHub
  Powershell Based tool for gathering information related to O365 intrusions and potential Breaches
  ☆17Dec 29, 2024Updated last year
• nettitude / PoshC2_IOCs

  View on GitHub
  A list of IOCs applicable to PoshC2
  ☆24Aug 3, 2020Updated 5 years ago
• svch0stz / TheThreatHuntLibrary

  View on GitHub
  Library of threat hunts to get any user started!
  ☆50Sep 4, 2020Updated 5 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• 0xElkot / wp-json-extractor

  View on GitHub
  ☆19Sep 18, 2023Updated 2 years ago
• airbus-cert / mispy

  View on GitHub
  Another MISP module for Python
  ☆18Feb 17, 2020Updated 6 years ago
• cado-security / AWS_EKS_Cluster_Forensics

  View on GitHub
  AWS EKS Cluster Forensics
  ☆23Aug 16, 2021Updated 4 years ago
• serrastusbear / NewDomainSearch

  View on GitHub
  Script to pull newly-registered domains and check for similarity against a provided word list.
  ☆13Aug 2, 2020Updated 5 years ago
• nccgroup / mimikatz-detector-busylight

  View on GitHub
  USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec…
  ☆21Sep 6, 2022Updated 3 years ago
• brimorlabs / rdpieces

  View on GitHub
  The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images
  ☆89Aug 29, 2023Updated 2 years ago
• network-evolution / CI-CD-Pipeline-For-Network-Automation

  View on GitHub
  Entire CICD Architecture for Network Automaion using Ansible Tower, GitLab, GitLab Runner, WebHooks
  ☆18Apr 25, 2023Updated 2 years ago