PSRecon is a PowerShell-based incident response and live forensic data acquisition tool that gathers data from a remote Windows host, organizes the data into folders, hashes all extracted data, and sends the data to the security team. It also includes endpoint lockdown functionality, allowing users to disable an Active Directory account or quarantine the host until IT/Security can respond. The tool produces a detailed, self-contained report that is easy to share. It can be integrated with the organization's Active Defense frameworks to automate rapid forensic data acquisition and lock down the endpoint. PSRecon can be run on local or remote hosts, and offers various options for enabling PSRemoting and unrestricted PowerShell execution.
SIMILAR TOOLS
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
A software that collects forensic artifacts on systems for forensic investigations.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A tool for extracting files from packet capture files with ease of use and extensibility for Python developers.
GVfs is a userspace virtual filesystem implementation for GIO with various backends and features.
Accesses the databases the Chrome browser stores on a machine and dumps the URLs found in them.
Custom built application for asynchronous forensic data presentation on an Elasticsearch backend, with upcoming features like Docker-based installation and new UI rewrite in React.
A free, open source collection of tools for forensic artifact and image analysis.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.