PowerShell Dfir

Open-source PowerShell projects categorized as Dfir

Top 12 PowerShell Dfir Projects

  • sysmon-modular

    A repository of sysmon configuration modules

  • Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • AzureHunter

    A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • WELA

    WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)

  • DetectionLabELK

    DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

  • MemProcFS-Analyzer

    MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

  • Trawler

    PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • Collect-MemoryDump

    Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

  • Win10

    Win 10/11 related research

  • WindowsDFIR

    Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

  • Queries

    SQLite queries (by kacos2000)

  • Power-Response

    Powering Up Incident Response with Power-Response

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

PowerShell Dfir related posts

  • Sysmon 15.0 is out now with advanced features

    2 projects | /r/sysadmin | 29 Jun 2023
  • Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

    1 project | /r/u_1259iknow | 2 May 2023
  • Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

    1 project | /r/netsec | 30 Apr 2023
  • User was hacked and sent out malware via their company email however unable to find out how?

    1 project | /r/cybersecurity | 25 Apr 2023
  • Sharing a new tool I made for aiding my analysis of persistence mechanisms on Windows - Trawler

    1 project | /r/computerforensics | 24 Apr 2023
  • Splunk & Sysmon as SIEM

    1 project | /r/Splunk | 11 Apr 2023
  • Looking for inputs and validation for this network setup.

    2 projects | /r/AskNetsec | 24 Feb 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 20 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source Dfir projects in PowerShell? This list will help you:

Project Stars
1 sysmon-modular 2,501
2 AzureHunter 764
3 sysmon-config 752
4 WELA 678
5 DetectionLabELK 525
6 MemProcFS-Analyzer 404
7 Trawler 294
8 Collect-MemoryDump 211
9 Win10 167
10 WindowsDFIR 71
11 Queries 67
12 Power-Response 61

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com