├── Azure Endpoints.md
├── Azure Resource Provider List.txt
├── Event4653IPsecScreenshot.png
├── FORENSIC ARTIFACTS - Attacker Source IP Identification With IPsec Audit Events.md
├── FORENSIC ARTIFACTS - Azure Custom Script Extension Use.md
├── FORENSIC ARTIFACTS - Azure Run Command Extension Use.md
├── FORENSIC ARTIFACTS - Windows Event 4653.md
├── HOW TO - Deploy Azure Custom Script Extensions.md
├── HOW TO - Deploy Azure Run Command Extensions.md
├── README.md
└── Run-AzureVmMemoryCollection.ps1


/Azure Endpoints.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/Azure Endpoints.md


--------------------------------------------------------------------------------
/Azure Resource Provider List.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/Azure Resource Provider List.txt


--------------------------------------------------------------------------------
/Event4653IPsecScreenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/Event4653IPsecScreenshot.png


--------------------------------------------------------------------------------
/FORENSIC ARTIFACTS - Attacker Source IP Identification With IPsec Audit Events.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/FORENSIC ARTIFACTS - Attacker Source IP Identification With IPsec Audit Events.md


--------------------------------------------------------------------------------
/FORENSIC ARTIFACTS - Azure Custom Script Extension Use.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/FORENSIC ARTIFACTS - Azure Custom Script Extension Use.md


--------------------------------------------------------------------------------
/FORENSIC ARTIFACTS - Azure Run Command Extension Use.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/FORENSIC ARTIFACTS - Azure Run Command Extension Use.md


--------------------------------------------------------------------------------
/FORENSIC ARTIFACTS - Windows Event 4653.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/FORENSIC ARTIFACTS - Windows Event 4653.md


--------------------------------------------------------------------------------
/HOW TO - Deploy Azure Custom Script Extensions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/HOW TO - Deploy Azure Custom Script Extensions.md


--------------------------------------------------------------------------------
/HOW TO - Deploy Azure Run Command Extensions.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/HOW TO - Deploy Azure Run Command Extensions.md


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/README.md


--------------------------------------------------------------------------------
/Run-AzureVmMemoryCollection.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AtomicGaryBusey/AzureForensics/HEAD/Run-AzureVmMemoryCollection.ps1


--------------------------------------------------------------------------------