WindowsDFIR
Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events. (by ashemery)
Trawler
PowerShell script to help Incident Responders discover potential adversary persistence mechanisms. (by joeavanzato)
| WindowsDFIR | Trawler | |
|---|---|---|
| 2 | 6 | |
| 71 | 288 | |
| - | - | |
| 2.6 | 5.2 | |
| almost 3 years ago | about 1 month ago | |
| PowerShell | PowerShell | |
| - | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
WindowsDFIR
Posts with mentions or reviews of WindowsDFIR.
We have used some of these posts to build our list of alternatives
and similar projects.
Trawler
Posts with mentions or reviews of Trawler.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-10.
-
Non-SysAdmin Use Cases for PowerShell? Basically, any use cases NOT involving network, RDP, system config, IT/LAN admin type stuff?
I use it for DFIR work - example - https://github.com/joeavanzato/Trawler
- Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
-
User was hacked and sent out malware via their company email however unable to find out how?
Shameless self-promotion to help you hunt for persistence mechanisms on the endpoint itself if it's Windows - https://github.com/joeavanzato/Trawler
- Sharing a new tool I made for aiding my analysis of persistence mechanisms on Windows - Trawler
- Sharing a new tool I'm working on to help discover persistence mechanisms on Windows - similar to PersistenceSniper but with a wider coverage and built-in allow-list/regex scanning mechanisms.
What are some alternatives?
When comparing WindowsDFIR and Trawler you can also consider the following projects:
Sophia-Script-for-Windows - :zap: The most powerful PowerShell module on GitHub for fine-tuning Windows 10 & Windows 11
Live-Forensicator - Powershell Script to aid Incidence Response and Live Forensics | Bash Script for MacOS Live Forensics and Incidence Response
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
MemProcFS-Analyzer - MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Power-Response - Powering Up Incident Response with Power-Response
AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365