Pinned Repositories
Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Get-MiniTimeline
Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
Get-UsnJrnlInfo
Get-UsnJrnlInfo - Get UsnJrnl information from an extracted $Max file
isodump
isodump - ISO dump utility
MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
rules
Repository of YARA rules
scripting-snippets
Repository containing shell and Python scripting snippets from evild3ad.
yara-rules
Repository containing YARA rules from evild3ad.
evild3ad's Repositories
evild3ad/MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
evild3ad/Collect-MemoryDump
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
evild3ad/Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
evild3ad/isodump
isodump - ISO dump utility
evild3ad/Get-MiniTimeline
Get-MiniTimeline - Triage Collection and Timeline Generation w/ KAPE
evild3ad/scripting-snippets
Repository containing shell and Python scripting snippets from evild3ad.
evild3ad/yara-rules
Repository containing YARA rules from evild3ad.
evild3ad/Get-UsnJrnlInfo
Get-UsnJrnlInfo - Get UsnJrnl information from an extracted $Max file
evild3ad/Microsoft-Extractor-Suite
A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
evild3ad/rules
Repository of YARA rules
evild3ad/yara
YARA rules for MemProcFS-Analyzer