├── Acquisition
│   ├── ChromiumArtifacts.ps1
│   ├── CollectLocalDefenderAlerts.ps1
│   ├── CollectWindowsEvents.ps1
│   ├── CollectWindowsSecurityEvents.ps1
│   ├── ExecuteKQLAdvancedHunting.ps1
│   ├── ExecuteKQLAdvancedHuntingServicePrincipal.ps1
│   ├── FolderToStorageBlob.ps1
│   └── GetSecurityIncidents.ps1
├── Analysis
│   ├── CollectPnPDevices.ps1
│   ├── DFIR-Commands.md
│   ├── DumpLocalAdmins.ps1
│   ├── LastLogons.ps1
│   ├── ListDefenderExclusions.ps1
│   ├── ListInstalledSecurityProducts.ps1
│   ├── PrefetchFiles.ps1
│   └── RunMRUEntries.ps1
├── Containment
│   ├── ForcePasswordChangeNextSignIn.ps1
│   ├── README.md
│   └── RevokeSessions.ps1
├── DFIR-Script.ps1
├── LICENSE
└── README.md

--------------------------------------------------------------------------------

/Acquisition/ChromiumArtifacts.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/ChromiumArtifacts.ps1

/Acquisition/CollectLocalDefenderAlerts.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/CollectLocalDefenderAlerts.ps1

/Acquisition/CollectWindowsEvents.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/CollectWindowsEvents.ps1

/Acquisition/CollectWindowsSecurityEvents.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/CollectWindowsSecurityEvents.ps1

/Acquisition/ExecuteKQLAdvancedHunting.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/ExecuteKQLAdvancedHunting.ps1

/Acquisition/ExecuteKQLAdvancedHuntingServicePrincipal.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/ExecuteKQLAdvancedHuntingServicePrincipal.ps1

/Acquisition/FolderToStorageBlob.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/FolderToStorageBlob.ps1

/Acquisition/GetSecurityIncidents.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Acquisition/GetSecurityIncidents.ps1

/Analysis/CollectPnPDevices.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/CollectPnPDevices.ps1

/Analysis/DFIR-Commands.md:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/DFIR-Commands.md

/Analysis/DumpLocalAdmins.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/DumpLocalAdmins.ps1

/Analysis/LastLogons.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/LastLogons.ps1

/Analysis/ListDefenderExclusions.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/ListDefenderExclusions.ps1

/Analysis/ListInstalledSecurityProducts.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/ListInstalledSecurityProducts.ps1

/Analysis/PrefetchFiles.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/PrefetchFiles.ps1

/Analysis/RunMRUEntries.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Analysis/RunMRUEntries.ps1

/Containment/ForcePasswordChangeNextSignIn.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Containment/ForcePasswordChangeNextSignIn.ps1

/Containment/README.md:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Containment/README.md

/Containment/RevokeSessions.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/Containment/RevokeSessions.ps1

/DFIR-Script.ps1:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/DFIR-Script.ps1

/LICENSE:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/LICENSE

/README.md:
    https://raw.githubusercontent.com/Bert-JanP/Incident-Response-Powershell/HEAD/README.md

--------------------------------------------------------------------------------