joeavanzato/RetrievIR external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

joeavanzato/RetrievIR

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/joeavanzato/RetrievIR)

Close

joeavanzato / RetrievIRView on GitHubMore

• External links
• Readme badge

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

☆112Aug 26, 2024Updated last year

Alternatives and similar repositories for RetrievIR

Users that are interested in RetrievIR are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• RustyNoob-619 / YARA

  View on GitHub
  Everything related to YARA
  ☆16Feb 19, 2026Updated last month
• joeavanzato / ThreatSim

  View on GitHub
  Threat Simulator for Enterprise Networks
  ☆14May 14, 2022Updated 3 years ago
• Fheidt12 / Windows_Scan

  View on GitHub
  基于Go和YARA规则 对windows进程和文件进行检测
  ☆18Sep 20, 2024Updated last year
• Azure / MDTI-Solutions

  View on GitHub
  Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product
  ☆80Sep 9, 2024Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• LearningKijo / MDEtester

  View on GitHub
  MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.
  ☆194Feb 20, 2026Updated last month
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated last year
• mthcht / ThreatHunting-Keywords-sigma-rules

  View on GitHub
  Sigma detection rules for hunting with the threathunting-keywords project
  ☆59Mar 2, 2025Updated last year
• joeavanzato / velociraptor-timeline-creator

  View on GitHub
  VTC - Velociraptor Timeline Creator
  ☆19May 15, 2024Updated last year
• tomwechsler / Active_Directory_Advanced_Threat_Hunting

  View on GitHub
  This repo is about Active Directory Advanced Threat Hunting
  ☆650Feb 17, 2025Updated last year
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆12Oct 21, 2025Updated 5 months ago
• SecurityAura / DE-TH-Aura

  View on GitHub
  Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…
  ☆280Dec 20, 2025Updated 3 months ago
• Bert-JanP / Incident-Response-Powershell

  View on GitHub
  PowerShell Digital Forensics & Incident Response Scripts.
  ☆781Jan 14, 2026Updated 2 months ago
• Velocidex / cloudvelo

  View on GitHub
  An experimental Velociraptor implementation using cloud infrastructure
  ☆26Dec 2, 2025Updated 4 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• msdirtbag / MDE-Quickstart

  View on GitHub
  MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore
  ☆65Dec 26, 2022Updated 3 years ago
• bastienperez / ActiveDirectory-Toolbox

  View on GitHub
  ☆49Mar 12, 2026Updated 3 weeks ago
• op7ic / Cloud-Investigate

  View on GitHub
  A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.
  ☆38Mar 25, 2024Updated 2 years ago
• forensicxlab / volatility3_plugins

  View on GitHub
  ☆25Jul 23, 2024Updated last year
• Cloud-Architekt / AzureSentinel

  View on GitHub
  Sharing my KQL queries for Azure Sentinel
  ☆209Feb 9, 2026Updated 2 months ago
• mthcht / ThreatHunting-Keywords-yara-rules

  View on GitHub
  yara detection rules for hunting with the threathunting-keywords project
  ☆158May 11, 2025Updated 10 months ago
• DanielBradley1 / Microsoft-Graph-PowerShell

  View on GitHub
  ☆23Mar 21, 2024Updated 2 years ago
• lawndoc / Respotter

  View on GitHub
  Respotter is a Responder honeypot. Detect Responder in your environment as soon as it's spun up.
  ☆198Nov 5, 2025Updated 5 months ago
• format81 / GenAI-STIX2.1-Generator

  View on GitHub
  GenAI-STIX2.1-Generator is a tool that leverages Azure OpenAI capabilities to transform threat intelligence reports from unstructured web…
  ☆24Mar 24, 2025Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• joeavanzato / Trawler

  View on GitHub
  PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
  ☆325May 1, 2025Updated 11 months ago
• Mayyhem / Maestro

  View on GitHub
  Abusing Azure services over C2
  ☆368Jan 20, 2026Updated 2 months ago
• PShlyundin / GPOHunter

  View on GitHub
  A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities
  ☆323Mar 27, 2025Updated last year
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Apr 1, 2026Updated last week
• 0xB455 / ActiveSyncBruter

  View on GitHub
  ☆27Mar 6, 2025Updated last year
• airbus-cert / scrings

  View on GitHub
  Semantic strings based on tree-sitter
  ☆17Feb 19, 2025Updated last year
• LearningKijo / KQL

  View on GitHub
  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
  ☆488Nov 22, 2024Updated last year
• cyb3rmik3 / MDE-DFIR-Resources

  View on GitHub
  A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as …
  ☆455Feb 18, 2026Updated last month
• gtworek / VolatileDataCollector

  View on GitHub
  ☆215Dec 2, 2025Updated 4 months ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• AlbinoGazelle / esxi-testing-toolkit

  View on GitHub
  🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
  ☆82Apr 20, 2025Updated 11 months ago
• msdirtbag / azurevelo

  View on GitHub
  Velociraptor Server hosted in Azure App Service
  ☆59Jun 4, 2025Updated 10 months ago
• imabdk / Proactive-Remediations

  View on GitHub
  ☆17Oct 24, 2025Updated 5 months ago
• rootsecdev / Presentations

  View on GitHub
  Presentations from Conferences
  ☆31Sep 14, 2024Updated last year
• digitalsleuth / winfor-salt

  View on GitHub
  Windows Forensics Salt States
  ☆21Mar 30, 2026Updated last week
• JeffMichelmore / MDEKit

  View on GitHub
  ☆43Oct 11, 2023Updated 2 years ago
• MHaggis / PowerShell-Hunter

  View on GitHub
  PowerShell tools to help defenders hunt smarter, hunt harder.
  ☆479Oct 29, 2025Updated 5 months ago