Skip to content
/ forensics Public

Windows digital forensics and incident response scripts

15 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pranatdayal/forensics

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
ParseMFT.ps1
ParseMFT.ps1
 
 
README.md
README.md
 
 
SysArtifacts.ps1
SysArtifacts.ps1
 
 
detect-promisc.py
detect-promisc.py
 
 

Repository files navigation

DFIR

Pranat Dayal Digital forensics and incident response scripts

SysArtifacts.ps1:

Collects various system artifacts from a windows computer for the purpose of Digital Forensics and Incident response

ParseMFT.ps1:

Parses through a CSV dump of $MFT and prints out:

  - Filename 
  
  - Filepath 
  
  - Timestamps

It also dumps $DATA from a particular file and can identify timestomping instances

About

Windows digital forensics and incident response scripts

Topics

powershell incident-response forensics artifacts

Resources

Readme
Activity

Stars

15 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages