├── .github
│   └── workflows
│       └── psscriptanalyzer.yml
├── ConfigureWindowsEventLogs.ps1
├── Count-LECmdTimestampColumns.ps1
├── Count-SBECmdTimestampColumns.ps1
├── EseDbEnumerator
│   ├── EseDbEnumerator.ps1
│   └── README.md
├── EvtxECmdGapFinder.ps1
├── ExtractFilenamesFromWindowsEDB.ps1
├── Get-ApplicationGUIDs.ps1
├── Get-CSVHeaders.ps1
├── Get-ChainsawSigmaRules.ps1
├── Get-ISOMetadata.ps1
├── GitHubProjects
│   ├── EVTXETWResources
│   │   └── EVTXETWResources.ps1
│   ├── VanillaRegistryHives
│   │   ├── PowerShell_CompressArchive.mkape
│   │   ├── PowerShell_CopyItem.mkape
│   │   └── VanillaRegistryHives.ps1
│   └── VanillaWindowsReference
│       ├── VanillaWindowsReference.ps1
│       └── VanillaWindowsReference2.ps1
├── KAPE
│   ├── Get-ChainsawSigmaRules.ps1
│   ├── MFTECmd$J$MFTParser.ps1
│   ├── Move-KAPEConsoleHost_history.ps1
│   ├── Parse-MatterMostDownloadsJson.ps1
│   ├── SRUM-Repair.ps1
│   └── SUM-Repair.ps1
├── LICENSE
├── MBAMServiceLogParser.ps1
├── README.md
├── Snippets
│   ├── PowerShellLogToFile.md
│   ├── PowerShellScriptParameters.md
│   ├── PowerShellTryCatchFinally.md
│   └── README.MD
├── ThorScripts
│   ├── Invoke-ThorScanMountedImage.ps1
│   ├── Invoke-ThorScanOfflineFiles.ps1
│   ├── Invoke-ThorUpgrade.ps1
│   ├── Invoke-ThorUtilConvertLogToCSV.ps1
│   └── Scan-MFTECmdMFTThor.ps1
└── VanillaWindowsReference
    ├── PowerShell_CompressArchive.mkape
    ├── PowerShell_CopyItem.mkape
    ├── README.md
    ├── _kape.cli
    ├── evtx.ps1
    └── kape.ps1

/.github/workflows/psscriptanalyzer.yml:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/.github/workflows/psscriptanalyzer.yml

/ConfigureWindowsEventLogs.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ConfigureWindowsEventLogs.ps1

/Count-LECmdTimestampColumns.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Count-LECmdTimestampColumns.ps1

/Count-SBECmdTimestampColumns.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Count-SBECmdTimestampColumns.ps1

/EseDbEnumerator/EseDbEnumerator.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/EseDbEnumerator/EseDbEnumerator.ps1

/EseDbEnumerator/README.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/EseDbEnumerator/README.md

/EvtxECmdGapFinder.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/EvtxECmdGapFinder.ps1

/ExtractFilenamesFromWindowsEDB.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ExtractFilenamesFromWindowsEDB.ps1

/Get-ApplicationGUIDs.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Get-ApplicationGUIDs.ps1

/Get-CSVHeaders.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Get-CSVHeaders.ps1

/Get-ChainsawSigmaRules.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Get-ChainsawSigmaRules.ps1

/Get-ISOMetadata.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Get-ISOMetadata.ps1

/GitHubProjects/EVTXETWResources/EVTXETWResources.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/EVTXETWResources/EVTXETWResources.ps1

/GitHubProjects/VanillaRegistryHives/PowerShell_CompressArchive.mkape:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/VanillaRegistryHives/PowerShell_CompressArchive.mkape

/GitHubProjects/VanillaRegistryHives/PowerShell_CopyItem.mkape:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/VanillaRegistryHives/PowerShell_CopyItem.mkape

/GitHubProjects/VanillaRegistryHives/VanillaRegistryHives.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/VanillaRegistryHives/VanillaRegistryHives.ps1

/GitHubProjects/VanillaWindowsReference/VanillaWindowsReference.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/VanillaWindowsReference/VanillaWindowsReference.ps1

/GitHubProjects/VanillaWindowsReference/VanillaWindowsReference2.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/GitHubProjects/VanillaWindowsReference/VanillaWindowsReference2.ps1

/KAPE/Get-ChainsawSigmaRules.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/Get-ChainsawSigmaRules.ps1

/KAPE/MFTECmd$J$MFTParser.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/MFTECmd$J$MFTParser.ps1

/KAPE/Move-KAPEConsoleHost_history.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/Move-KAPEConsoleHost_history.ps1

/KAPE/Parse-MatterMostDownloadsJson.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/Parse-MatterMostDownloadsJson.ps1

/KAPE/SRUM-Repair.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/SRUM-Repair.ps1

/KAPE/SUM-Repair.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/KAPE/SUM-Repair.ps1

/LICENSE:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/LICENSE

/MBAMServiceLogParser.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/MBAMServiceLogParser.ps1

/README.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/README.md

/Snippets/PowerShellLogToFile.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Snippets/PowerShellLogToFile.md

/Snippets/PowerShellScriptParameters.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Snippets/PowerShellScriptParameters.md

/Snippets/PowerShellTryCatchFinally.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Snippets/PowerShellTryCatchFinally.md

/Snippets/README.MD:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/Snippets/README.MD

/ThorScripts/Invoke-ThorScanMountedImage.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ThorScripts/Invoke-ThorScanMountedImage.ps1

/ThorScripts/Invoke-ThorScanOfflineFiles.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ThorScripts/Invoke-ThorScanOfflineFiles.ps1

/ThorScripts/Invoke-ThorUpgrade.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ThorScripts/Invoke-ThorUpgrade.ps1

/ThorScripts/Invoke-ThorUtilConvertLogToCSV.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ThorScripts/Invoke-ThorUtilConvertLogToCSV.ps1

/ThorScripts/Scan-MFTECmdMFTThor.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/ThorScripts/Scan-MFTECmdMFTThor.ps1

/VanillaWindowsReference/PowerShell_CompressArchive.mkape:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/PowerShell_CompressArchive.mkape

/VanillaWindowsReference/PowerShell_CopyItem.mkape:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/PowerShell_CopyItem.mkape

/VanillaWindowsReference/README.md:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/README.md

/VanillaWindowsReference/_kape.cli:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/_kape.cli

/VanillaWindowsReference/evtx.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/evtx.ps1

/VanillaWindowsReference/kape.ps1:
https://raw.githubusercontent.com/AndrewRathbun/DFIRPowerShellScripts/HEAD/VanillaWindowsReference/kape.ps1