Skip to content
/ DFIR_scripts Public

This space contains scripts I have created to try to automate basic analysis or triage for incident evidence.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

edchavarro/DFIR_scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
WindowsEventID.txt
WindowsEventID.txt
 
 
evidence-parser.ps1
evidence-parser.ps1
 
 
pssigma-check.ps1
pssigma-check.ps1
 
 

Repository files navigation

DFIR_scripts

This space contains scripts I have created to try to automate basic analisys or triage for incident evidence.

It works for me, maybe could be useful for you.

#evidence-parser

Powershell scripts that executes and stores the results for executing common tools like #RegRipper, #MFTAnalyze and Plazo to evidence collectedd using velociraptor. It requires the file WindowsEventID.txt to look for specific strings, you casn improve this file for better results.

#pssigma-check

An script where I try to improve results from SIGMA for my own analysis. Still working on it :)

About

This space contains scripts I have created to try to automate basic analysis or triage for incident evidence.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages