Pinned Repositories
DFRWS-2019-KAPE-Workshop
Slides, scripts, notes, links, etc. from my 2019 DFRWS KAPE Workshop
Get-KapeModuleBinaries
Parses KAPE module files and downloads binaries referenced by BinaryURL
kape-at-scale
Repo for code, techniques, ideas and questions about implementing KAPE at Scale
kape-remote-collections
plaso_filters
Scripts to facilitate filtering with Plaso
Process-EventLogs
Process select Event Logs and Event IDs with EvtxECmd
timesketch-elasticsearch-dfir-queries
mark-hallman's Repositories
mark-hallman/plaso_filters
Scripts to facilitate filtering with Plaso
mark-hallman/kape-at-scale
Repo for code, techniques, ideas and questions about implementing KAPE at Scale
mark-hallman/DFRWS-2019-KAPE-Workshop
Slides, scripts, notes, links, etc. from my 2019 DFRWS KAPE Workshop
mark-hallman/kape-remote-collections
mark-hallman/Process-EventLogs
Process select Event Logs and Event IDs with EvtxECmd
mark-hallman/timesketch-elasticsearch-dfir-queries
mark-hallman/Get-KapeModuleBinaries
Parses KAPE module files and downloads binaries referenced by BinaryURL
mark-hallman/scripts_configs
Various scripts and config files
mark-hallman/sec401-win11-notes
Notes & scripts related to the SEC401 Windows 11 redo
mark-hallman/evtx
C# based evtx parser with lots of extras
mark-hallman/HashiCorp-Packer-in-Production
HashiCorp Packer in Production, Published by Packt
mark-hallman/kape-min
A sample minimal "install" of KAPE for testing with PowerShell remoting.
mark-hallman/KapeFiles
This repository serves as a place for community created Targets and Modules for use with KAPE.
mark-hallman/mdwiki-examples
A collection of example websites created with MDwiki
mark-hallman/obsidian_notes
mark-hallman/sec511-iso-proto
mark-hallman/sec566-vm-build-notes
Notes, files, and scripts related to the J01 build of SEC566 Windows 11 Audit VM.
mark-hallman/timesketch
Collaborative forensic timeline analysis
mark-hallman/winget-installation-script