WiredPulse / Invoke-SRUMDump
A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
☆13Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for Invoke-SRUMDump
- Google Filestream Forensic Tool☆16Updated 2 years ago
- ESXi Cyber Security Incident Response Script☆20Updated 2 months ago
- Just Another broken Registry Parser (JARP)☆16Updated 5 months ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows for anyone to add more supported files (i,e. they get a Line #/ta…☆22Updated 2 weeks ago
- ☆19Updated last year
- USN Journal full path builder☆36Updated 2 months ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆14Updated 4 years ago
- ☆18Updated 2 years ago
- Windows file metadata / forensic tool.☆15Updated 2 months ago
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆25Updated 2 years ago
- ☆19Updated 2 months ago
- PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.☆10Updated 2 months ago
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆44Updated last month
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- ☆31Updated 2 years ago
- Assist analyst and threat hunters to understand Windows authentication logs and to analyze brutforce scenarios.☆18Updated last year
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆35Updated last year
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆34Updated last year
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Updated 2 years ago
- ☆10Updated last year
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.☆15Updated 3 weeks ago
- Recycle bin artifact parser☆36Updated 2 months ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV☆15Updated 2 months ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆53Updated last year
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.☆15Updated last year
- A sample VHDX file with multiple verbose examples of forensic and anti-forensics artifacts. Meant to be basic and can be expanded upon. P…☆25Updated last year
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆14Updated 2 months ago
- Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.☆37Updated 3 weeks ago