PowerShell Digital Forensics & Incident Response Scripts.
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
Enterprise PowerShell & VBScript suite for Active Directory automation, ITSM-aligned provisioning, security hardening, and digital forensics - built for Windows Server and workstation environments by a Senior IAM Analyst with a focus on accuracy, scalability, and compliance.
PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling.
A tool for fetching DFIR and other GitHub tools.
Over 100K open-source YARA signatures evaluated against over 280K files to give insights into the performance of each YARA rule.
PowerShell tool that helps parse and analyze Ivanti Secure Connect logs. It can help forensic investigations by giving more visibility into, and a more detailed view of, the "vc0" logs.
Portable update manager for DFIR USB toolkits. Auto-updates 49+ forensic tools from GitHub with a WPF GUI, parallel checking, hash verification, forensic write protection, and silent/headless mode.
Evidence Collection & Handling Orchestrator
Install every tool and all the software needed for your DFIR (/SRE/PEN/OSINT/TCI) workstation. This tool does the work for you: everything after installing Windows (and updating it).
Forensic browser history extractor for Windows — all users, all browsers, one report
Windows artifact collector to facilitate forensic work
PowerShell network scanner and asset inventory for SOC/IR teams — no installation, no dependencies, runs fully offline.
Zero-dependency DFIR triage script for Windows systems. PowerShell 5.1, no external tools required.
🖥️ PowerShell-based automated Windows forensic triage & live response tool for SOC analysts
Scan Windows networks for assets and hosts offline with PowerShell for SOC and IR teams, no install, no dependencies
DFIR-Orc GetThis tool configuration generator.