Powershell Digital Forensics And Incident Response (DFIR) – Essential Scripts For Windows Cyber Defense

Powershell Digital Forensics & Incident Response (DFIR) equips cybersecurity professionals with a suite of PowerShell scripts tailored for effective incident handling on Windows devices. From collecting forensic artifacts to analyzing security events, these tools streamline the process of identifying, understanding, and mitigating cyber threats, ensuring a robust defense mechanism in the digital landscape. This repository …

Powershell Digital Forensics And Incident Response (DFIR) – Leveraging Scripts For Effective Cybersecurity

This repository contains multiple PowerShell scripts that can help you respond to cyber attacks on Windows devices. The following incident response scripts are included. DFIR Script – Extracted Artefacts: the DFIR script collects information from multiple sources and structures the output in the current directory in a folder named ‘DFIR-hostname-year-month-date’. This folder is zipped at the end, …

Microsoft Defender For Endpoint Curated List Of Resources For DFIR – Microsoft Defender For Endpoint Guide

Hey, thank you for stopping by! Being here means that you are either familiar with the discipline of Digital Forensics and Incident Response (DFIR) or you are interested in beginning to explore DFIR tools and techniques. The common denominator, whatever your level of familiarity with DFIR, is that you are using Microsoft Defender for …

Collect-MemoryDump : Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump automates the creation of Windows memory snapshots for DFIR. Collect-MemoryDump.ps1 is a PowerShell script used to collect a memory snapshot from a live Windows system in a forensically sound manner. Features: first public release at MAGNET Talks – Frankfurt, Germany (July 27, 2022). Presentation title: Modern Digital Forensics and Incident Response Techniques (https://www.magnetforensics.com/). Download: download the latest version …

DFIR-O365RC : PowerShell Module For Office 365 And Azure AD Log Collection

The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant to Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved from two main data sources: Office 365 Unified Audit Logs, and Azure AD sign-in logs and audit logs. The two data sources can be queried from …

RansomCoinPublic : A DFIR Tool To Extract Cryptocoin Addresses

RansomCoinPublic is a DFIR tool that extracts cryptocoin addresses and other indicators of compromise from binaries. It extracts metadata and hardcoded Indicators of Compromise from ransomware in a scalable, efficient way, with Cuckoo integrations. Ideally, it is run during Cuckoo dynamic analysis, but it can also be used for static analysis on large collections of ransomware. Designed …

Pockint : A Portable OSINT Swiss Army Knife for DFIR/OSINT Professionals

POCKINT (a.k.a. Pocket Intelligence) is the OSINT Swiss Army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program (to be carried on USB drives or in investigation VMs), it provides users with essential OSINT capabilities in a compact form factor: POCKINT’s input box accepts typical indicators (URL, IP, MD5) and gives users the …