DFIRT (Powershell)
Version: 1.0
Release: 2021-02-04
Category: Security - Forensic Tools
Size: 25Kb
Dependency:
Not stealth:
Publisher: Md. Abdullah Al Mamun
Description:
DFIRT is a Powershell script that collects information from Windows PCs:
- recently used files,
- suspicious Event ID,
- Powershell history for all session,
- files opened directly from Windows Explorer,
- network related running services,
- free space of disk,
- Internet connectivity information,
- safe DLL search mode,
- last boot up time,
- user accounts list from SID,
- computer name, current build, ID,
- current user language settings,
- Windows Defender Status,
- current Admin Approval Mode policy,
- domain,
- non default folders in Program File.
Note:
License:
Unlicensed