WindowsDFIR Save

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

Project README

Windows DFIR

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

Timestamps in UTC

Get-ChildItem \<PATH\> -Force | Select-Object FullName, CreationTimeUTC, LastAccessTimeUTC, LastWriteTimeUTC

Timestamps in local time

Get-ChildItem \<PATH\> -Force | Select-Object FullName, CreationTime, LastAccessTime, LastWriteTime

Hash Values (MD5, SHA1, and SHA256)

Get-FileHash \<PATH\> -Algorithm MD5 | Format-List

Get-FileHash \<PATH\> -Algorithm SHA1 | Format-List

Get-FileHash \<PATH\> -Algorithm SHA256 | Format-List

Find location of executable in PATH (similar to which on Linux Systems)

where executablename

Merge two CSV files

Get-Content LNK_User1.csv, LNK_User2.csv | Select-Object -Unique | Set-Content -Encoding ASCII LNK_Users.csv

Create Symbolic Links to Multiple files. Useful to process files that reside in Known Folders

Check the file "createSymLinks.ps1" and from where it was found.
More info about Known Folders: URL

Workshops

BSides Amman 2021, all files here: URL

Open Source Agenda is not affiliated with "WindowsDFIR" Project. README Source: ashemery/WindowsDFIR

Stars

Open Issues

Last Commit

2 years ago

Repository

ashemery/WindowsDFIR

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/windowsdfir"><img src="https://www.opensourceagenda.com/projects/windowsdfir/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022