dwmetz

Forensics & Incident Response, PowerShell

Fuggedaboutit

Pinned Repositories

Awesome-KAPE
A curated list of KAPE-related resources
3 0 01
Axiom-PowerShell
PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
Language:PowerShell10 2 01
CyberPipe
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
Language:PowerShell273 22 151
detonaRE
Capture. Detonate. Collect
Language:PowerShell14 1 00
Ginsu
Takes a larger image and 'chops' it down to <= 3GB zips to traverse Windows Defender for Endpoint
Language:PowerShell7 1 01
Mal-Hash
This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.
Language:PowerShell15 1 13
Presentations
Archive of presentations shared with the DFIR community.
7 2 00
PSHero
PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
Language:PowerShell35 6 08
QuickPcap
A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
Language:PowerShell40 2 010
Magnet-RESPONSE-PowerShell
PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises.
Language:PowerShell22 1 16

dwmetz's Repositories

dwmetz/CyberPipe
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
Language:PowerShell273 22 151
dwmetz/QuickPcap
A quick and easy PowerShell script to collect a packet trace with option to convert .etl to .pcap.
Language:PowerShell40 2 010
dwmetz/PSHero
PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.
Language:PowerShell35 6 08
dwmetz/Mal-Hash
This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results.
Language:PowerShell15 1 13
dwmetz/detonaRE
Capture. Detonate. Collect
Language:PowerShell14 1 00
dwmetz/Axiom-PowerShell
PowerShell scripts to aid investigators when utilizing O365 and Magnet Axiom.
Language:PowerShell10 2 01
dwmetz/Ginsu
Takes a larger image and 'chops' it down to <= 3GB zips to traverse Windows Defender for Endpoint
Language:PowerShell7 1 01
dwmetz/Presentations
Archive of presentations shared with the DFIR community.
7 2 00
dwmetz/Awesome-KAPE
A curated list of KAPE-related resources
3 0 01
dwmetz/Digital-Forensics-with-Kali-Linux
Digital Forensics with Kali Linux, published by Packt
2 0 00
dwmetz/incident-response-plan-template
A concise, directive, specific, flexible, and free incident response plan template
Language:Makefile2 0 01
dwmetz/blue-jupyter
Jupyter Notebooks for the Blue Team
Language:Jupyter Notebook1 0 01
dwmetz/dwmetz.github.io
Language:HTML1 0 00
dwmetz/iLEAPP
iOS Logs, Events, And Plist Parser
Language:Python1 1 0
dwmetz/reversinglabs-yara-rules
ReversingLabs YARA Rules
Language:YARA1 0 0
dwmetz/rules
Repository of yara rules
Language:YARA1 0 0
dwmetz/sift
SIFT
1 0 0
dwmetz/Toolbox
Miscellaneous scripts for public consumption that don't really need their own repository.
Language:Python1 1 0
dwmetz/GCTI
Language:YARA0 0
dwmetz/KapeFiles
This repository serves as a place for community created Targets and Modules for use with KAPE.
0 0
dwmetz/Magnet-RESPONSE-PowerShell
PowerShell script for running Magnet RESPONSE forensic collection tool in large enterprises.
Language:PowerShell0 0
dwmetz/volatility3
Volatility 3.0 development
Language:Python0 02

dwmetz

Pinned Repositories

Awesome-KAPE

Axiom-PowerShell

CyberPipe

detonaRE

Ginsu

Mal-Hash

Presentations

PSHero

QuickPcap

Magnet-RESPONSE-PowerShell

dwmetz's Repositories

dwmetz/CyberPipe

dwmetz/QuickPcap

dwmetz/PSHero

dwmetz/Mal-Hash

dwmetz/detonaRE

dwmetz/Axiom-PowerShell

dwmetz/Ginsu

dwmetz/Presentations

dwmetz/Awesome-KAPE

dwmetz/Digital-Forensics-with-Kali-Linux

dwmetz/incident-response-plan-template

dwmetz/blue-jupyter

dwmetz/dwmetz.github.io

dwmetz/iLEAPP

dwmetz/reversinglabs-yara-rules

dwmetz/rules

dwmetz/sift

dwmetz/Toolbox

dwmetz/GCTI

dwmetz/KapeFiles

dwmetz/Magnet-RESPONSE-PowerShell

dwmetz/volatility3