strozfriedberg / velociraptor-lateral-movement
☆10Updated last year
Related projects ⓘ
Alternatives and complementary repositories for velociraptor-lateral-movement
- ☆1Updated 3 weeks ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆94Updated last year
- Parses KAPE module files and downloads binaries referenced by BinaryURL☆18Updated 5 years ago
- ☆85Updated 9 months ago
- A script that updates KAPE (using Get-KAPEUpdate.ps1) as well as EZ Tools (within .\KAPE\Modules\bin) and the ancillary files that enhanc…☆53Updated last year
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆119Updated this week
- ☆50Updated 6 months ago
- ☆31Updated last month
- ☆52Updated last year
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.☆109Updated 11 months ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆49Updated last year
- Script to automate Linux live evidence collection☆27Updated 2 years ago
- Stand-alone parser for User Access Logging from Server 2012 and newer systems☆71Updated 10 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆76Updated last week
- ☆13Updated 2 years ago
- Collection of scripts provided for public use☆31Updated last week
- A PowerShell incident response script for quick triage☆75Updated 2 years ago
- Full of public notes and Utilities☆86Updated this week
- Remote access and Antivirus Logging Database☆41Updated 6 months ago
- Documentation repository☆43Updated 2 months ago
- Random notes collected on the intertubes relating to DFIR☆32Updated last year
- A dataset containing Office 365 Unified Audit Logs for security research and detection☆48Updated 2 years ago
- Crack base64(sha256(username)) hash from Microsoft Event ID 1029☆18Updated last year
- Python client for DFIR-IRIS☆20Updated 3 months ago
- ☆70Updated last month
- ☆41Updated 3 years ago
- Automating the baseline logging settings found here: https://nullsec.us/windows-baseline-logging/☆14Updated last year
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆44Updated last month
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆44Updated 2 years ago