PowerShell Dfir

Open-source PowerShell projects categorized as Dfir

Top 12 PowerShell Dfir Projects

  • sysmon-modular

    A repository of sysmon configuration modules

  • Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • AzureHunter

    A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • WELA

    WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

  • DetectionLabELK

    DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

  • MemProcFS-Analyzer

    MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

  • Trawler

    PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.

  • Collect-MemoryDump

    Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

  • Win10

    Win 10/11 related research

  • WindowsDFIR

    Repository for different Windows DFIR related CMDs, PowerShell cmdlets, etc., plus workshops that I did for different conferences or events.

  • Queries

    SQLite queries (by kacos2000)

  • Power-Response

    Powering Up Incident Response with Power-Response

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

PowerShell Dfir related posts

  • Sysmon 15.0 is out now with advanced features

    2 projects | /r/sysadmin | 29 Jun 2023
  • Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

    1 project | /r/u_1259iknow | 2 May 2023
  • Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

    1 project | /r/netsec | 30 Apr 2023
  • User was hacked and sent out malware via their company email however unable to find out how?

    1 project | /r/cybersecurity | 25 Apr 2023
  • Sharing a new tool I made for aiding my analysis of persistence mechanisms on Windows - Trawler

    1 project | /r/computerforensics | 24 Apr 2023
  • Splunk & Sysmon as SIEM

    1 project | /r/Splunk | 11 Apr 2023
  • Looking for inputs and validation for this network setup.

    2 projects | /r/AskNetsec | 24 Feb 2023

Index

What are some of the best open-source Dfir projects in PowerShell? This list will help you:

Rank  Project             Stars
   1  sysmon-modular      2,515
   2  AzureHunter           764
   3  sysmon-config         753
   4  WELA                  678
   5  DetectionLabELK       525
   6  MemProcFS-Analyzer    411
   7  Trawler               296
   8  Collect-MemoryDump    211
   9  Win10                 167
  10  WindowsDFIR            71
  11  Queries                67
  12  Power-Response         61
