A collection of PowerShell scripts that are designed to be run from a Microsoft Defender for Endpoint Live Response terminal, utilizing open-source tools, such as Kape (Kroll Artifact Parser and Extractor), to forensically acquire and process the necessary artifacts used in compromise assessments. Additional scripts provide pre-processing automation…
☆12 · Apr 26, 2023 · Updated 2 years ago
Alternatives and similar repositories for forensic-artifact-automation
Users that are interested in forensic-artifact-automation are comparing it to the libraries listed below.
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom. ☆12 · Aug 26, 2024 · Updated last year
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results. ☆15 · Jul 13, 2023 · Updated 2 years ago
- ☆12 · Dec 12, 2022 · Updated 3 years ago
- A small tool to unmap PE memory dumps. ☆11 · Nov 9, 2023 · Updated 2 years ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident responses. ☆21 · Sep 30, 2022 · Updated 3 years ago
- PoC for hiding data within $MFT ☆12 · Aug 14, 2014 · Updated 11 years ago
- Digital Artefact Extraction Tool for Discord Application ☆12 · Apr 13, 2023 · Updated 2 years ago
- Store and retrieve your passwords from a secure offline database. Check if your passwords have leaked previously to prevent targeted passw… ☆33 · Mar 4, 2023 · Updated 3 years ago
- Methods for attacking KeePass 2.X databases, including extraction of encryption key material from memory. ☆11 · Apr 2, 2022 · Updated 3 years ago
- Capture. Detonate. Collect ☆14 · Sep 20, 2024 · Updated last year
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Do DFIR work in a Windows Sandbox ☆21 · Updated this week
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated last year
- Microsoft Office365 Protection Center Audit Log Parser ☆27 · Jul 17, 2023 · Updated 2 years ago
- PowerShell-based Windows Server Security Audit Engine by Cyb3rint3l Labs. Measures alignment with the NIS2 directive and maps findings to… ☆42 · Feb 1, 2026 · Updated last month
- Collection of generic YARA rules ☆16 · Mar 18, 2026 · Updated last week
- ☆14 · Aug 13, 2019 · Updated 6 years ago
- Vault of Windows Registry forensic artifacts ☆28 · Nov 12, 2025 · Updated 4 months ago
- Reverse engineered the villager pypi package to github repo for analysis ☆26 · Sep 20, 2025 · Updated 6 months ago
- Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol. ☆44 · Oct 25, 2024 · Updated last year
- A cheatsheet I made while taking OSCP+/PEN-200 in 2024-2025 ☆36 · Apr 1, 2025 · Updated 11 months ago
- A Shiny Web App tutorial inspecting the COVID-19 (2019-nCoV) epidemic, data from https://github.com/CSSEGISandData/COVID-19/tree/master/c… ☆10 · Apr 18, 2020 · Updated 5 years ago
- Image Payload Creating/Injecting tools ☆13 · Jun 6, 2021 · Updated 4 years ago
- A tool designed to extract data from a logical ReFS 3.4 forensic image produced by FTK Imager ☆16 · Nov 22, 2023 · Updated 2 years ago
- ☆50 · May 12, 2021 · Updated 4 years ago
- EventLogSilencer is a PowerShell script designed to disable Windows Event Logging ☆18 · Oct 28, 2023 · Updated 2 years ago
- Process Hunting Toolkit is a toolkit capable of hunting down malicious processes on Windows ☆14 · Jan 31, 2025 · Updated last year
- Jboss Java Deserialization RCE (CVE-2017-12149) ☆13 · Aug 22, 2019 · Updated 6 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response ☆226 · Oct 26, 2025 · Updated 5 months ago
- LILO based Pulse Secure appliance disk image decryptor ☆13 · Mar 20, 2024 · Updated 2 years ago
- Indicators of compromise ☆17 · Jan 29, 2026 · Updated 2 months ago
- Repo that holds write-ups of various research projects I did and/or overall InfoSec things I investigated/researched. ☆22 · Jan 5, 2025 · Updated last year
- Scripts for rapid Windows endpoint "tactical triage" and investigations with Velociraptor and KAPE ☆182 · Jan 20, 2026 · Updated 2 months ago
- Cyber Threats Detection Rules ☆14 · Sep 16, 2025 · Updated 6 months ago
- Automatically exported from code.google.com/p/audiotools ☆53 · Apr 12, 2023 · Updated 2 years ago
- Regexplore is a Volatility plugin designed to mimic the functionality of the Registry Explorer plugins in EZsuite ☆18 · Mar 31, 2023 · Updated 2 years ago
- ☆18 · Jan 22, 2026 · Updated 2 months ago
- ☆15 · Aug 7, 2021 · Updated 4 years ago
- A toolkit to attack Office365 ☆16 · Aug 1, 2019 · Updated 6 years ago