Top 12 PowerShell Dfir Projects

Dfir

• Add a project

1. sysmon-modular

   1 15 2,775 0.9 PowerShell

   A repository of sysmon configuration modules

   

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. sysmon-config

   2 1 801 7.2 PowerShell

   Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

   

4. AzureHunter

   3 2 783 0.0 PowerShell

   A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

   

5. MemProcFS-Analyzer

   4 2 623 5.5 PowerShell

   MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

   

6. ThreatHunting-Keywords

   5 1 570 8.8 PowerShell

   Awesome list of keywords and artifacts for Threat Hunting sessions

   

7. DetectionLabELK

   6 3 548 0.0 PowerShell

   DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

   

8. Trawler

   7 6 316 7.8 PowerShell

   PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. Collect-MemoryDump

    8 2 240 6.5 PowerShell

    Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

    

11. Win10

    9 1 183 7.2 PowerShell

    Win 10/11 related research

    

12. Queries

    10 1 79 1.0 PowerShell

    SQLite queries (by kacos2000)

    

13. WindowsDFIR

    11 2 77 2.6 PowerShell

    Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

    

14. Power-Response

    12 2 63 0.0 PowerShell

    Powering Up Incident Response with Power-Response

    

PowerShell Dfir related posts

• Sysmon 15.0 is out now with advanced features

  2 projects | /r/sysadmin | 29 Jun 2023

• Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

  1 project | /r/u_1259iknow | 2 May 2023

• Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!

  1 project | /r/netsec | 30 Apr 2023

• User was hacked and sent out malware via their company email however unable to find out how?

  1 project | /r/cybersecurity | 25 Apr 2023

• Sharing a new tool I made for aiding my analysis of persistence mechanisms on Windows - Trawler

  1 project | /r/computerforensics | 24 Apr 2023

• Splunk & Sysmon as SIEM

  1 project | /r/Splunk | 11 Apr 2023

• Looking for inputs and validation for this network setup.

  2 projects | /r/AskNetsec | 24 Feb 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 20 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending PowerShell projects with our weekly report!