n3l5 / irCRpull
irCRpull is a PowerShell script utilized to pull several system artifacts, utilizing the free tool CrowdResponse, from a live Win7+ system on your network.
☆13Updated 9 years ago
Related projects ⓘ
Alternatives and complementary repositories for irCRpull
- Auxiliary scripts for Incident Response with ELK☆11Updated 9 years ago
- PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.☆50Updated 6 years ago
- This is a repository from Adam Swan and I's presentation on Windows Logs Zero 2 Hero.☆21Updated 6 years ago
- Tool to parse SRU database☆24Updated 6 years ago
- Public Maltego Transforms☆23Updated 7 years ago
- RegRipper wrapper for simplified bulk parsing or registry hives☆9Updated 6 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API☆24Updated 8 years ago
- OSSEC Decoder & Rulesets for Sysmon Events☆15Updated 9 years ago
- A GC link parser for both linkfiles and jumplists.☆18Updated 8 years ago
- Some dfir stuff☆31Updated 2 years ago
- ☆36Updated 8 years ago
- onigiri - remote malware triage script☆24Updated 9 years ago
- Assorted classes and methods for indexing reports and retrieving information from an elastic index☆21Updated 8 years ago
- Queries to parse sysmon event log file with microsoft logparser☆56Updated 9 years ago
- Threat Intelligence distribution☆30Updated 8 years ago
- Force-Directed Graph Generator for Volatility Ouputs☆26Updated 5 years ago
- ☆39Updated 5 years ago
- An informational repo about hunting for adversaries in your IT environment.☆14Updated 7 years ago
- Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in python it's not just a…☆36Updated 6 years ago
- Bringing DevOps to Forensics☆34Updated 9 years ago
- Home to the ActorTrackr source code☆24Updated 7 years ago
- Python script to pull various IOCs from PDFs☆15Updated 9 years ago