PSRecon is a PowerShell-based incident response and live forensic data acquisition tool that gathers data from a remote Windows host, organizes the data into folders, hashes all extracted data, and sends the data to the security team. It also includes endpoint lockdown functionality, allowing users to disable an active directory account or quarantine the host until IT/Security can respond. The tool provides a detailed report that is self-contained, making it easy to share. It can be integrated with the organization's Active Defense frameworks to automate rapid forensic data acquisition and lock down the endpoint. PSRecon can be run on local or remote hosts, and offers various options for enabling PSRemoting and Unrestricted PowerShell Execution.
FEATURES
ALTERNATIVES
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
View physical memory as files in a virtual file system for easy memory analysis and artifact access.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
A cybersecurity tool for collecting and analyzing forensic artifacts on live systems.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.

System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.

Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.

Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.