PSRecon is a PowerShell-based incident response and live forensic data acquisition tool that gathers data from a remote Windows host, organizes the data into folders, hashes all extracted data, and sends the data to the security team. It also includes endpoint lockdown functionality, allowing users to disable an Active Directory account or quarantine the host until IT/Security can respond. The tool produces a detailed, self-contained report that is easy to share. It can be integrated with the organization's Active Defense frameworks to automate rapid forensic data acquisition and lock down the endpoint. PSRecon can be run on local or remote hosts, and offers various options for enabling PSRemoting and Unrestricted PowerShell Execution.
Python tool for remote memory acquisition
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A library and tools to access and analyze APFS file systems
A library to access the Expert Witness Compression Format (EWF) for digital forensics and incident response.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.