├── .gitattributes ├── .gitignore ├── LICENSE ├── NOTICE.md ├── README.md ├── config generator.py ├── config.ini ├── humans.txt ├── main.bat ├── make.bat ├── modules ├── activity │ ├── module.bat │ └── tools │ │ └── lastactivityview │ │ ├── LastActivityView.chm │ │ ├── LastActivityView.exe │ │ └── readme.txt ├── autostart │ ├── make.bat │ ├── module.bat │ └── tools │ │ └── .gitignore ├── browsing │ ├── module.bat │ └── tools │ │ ├── browsinghistoryview-x64 │ │ ├── BrowsingHistoryView.chm │ │ ├── BrowsingHistoryView.exe │ │ └── readme.txt │ │ ├── browsinghistoryview │ │ ├── BrowsingHistoryView.chm │ │ ├── BrowsingHistoryView.exe │ │ └── readme.txt │ │ ├── chromecacheview │ │ ├── ChromeCacheView.chm │ │ ├── ChromeCacheView.exe │ │ └── readme.txt │ │ ├── iecacheview │ │ ├── IECacheView.chm │ │ ├── IECacheView.exe │ │ └── readme.txt │ │ └── mozillacacheview │ │ ├── MozillaCacheView.chm │ │ ├── MozillaCacheView.exe │ │ └── readme.txt ├── dirwalk │ └── module.bat ├── disk-image │ ├── module.bat │ └── tools │ │ └── NOTICE.txt ├── events │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── psloglist.exe │ │ └── psloglist64.exe ├── file_hashing │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── nonrecursive.txt │ │ ├── recursive.txt │ │ ├── sha256deep.exe │ │ └── sha256deep64.exe ├── files │ ├── module.bat │ └── tools │ │ └── forecopy_handy.exe ├── filesystem │ ├── module.bat │ └── tools │ │ ├── ExtractUsnJrnl │ │ ├── ExtractUsnJrnl.exe │ │ ├── ExtractUsnJrnl64.exe │ │ └── docs │ │ │ ├── LICENSE.md.txt │ │ │ ├── NOTICE.txt │ │ │ ├── changelog.txt │ │ │ └── readme.txt │ │ ├── RawCopy │ │ ├── RawCopy.exe │ │ ├── RawCopy64.exe │ │ └── docs │ │ │ ├── LICENSE.md │ │ │ ├── NOTICE.txt │ │ │ ├── changelog.txt │ │ │ └── readme.txt │ │ └── forecopy_handy.exe ├── hash_checks │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── nonrecursive.txt │ │ ├── recursive.txt │ │ ├── sha256deep.exe │ │ └── sha256deep64.exe ├── memory-files │ ├── module.bat │ └── tools │ │ ├── RawCopy │ │ ├── RawCopy.exe │ │ ├── RawCopy64.exe │ │ └── docs │ │ │ ├── LICENSE.md │ │ │ ├── NOTICE.txt │ │ │ ├── changelog.txt │ │ │ └── readme.txt │ │ └── forecopy_handy.exe ├── memory-image │ ├── module.bat │ └── tools │ │ ├── RamCapture.exe │ │ ├── RamCapture64.exe │ │ ├── RamCaptureDriver.sys │ │ └── RamCaptureDriver64.sys ├── network │ ├── module.bat │ └── tools │ │ ├── cports-x64 │ │ ├── cports.chm │ │ ├── cports.exe │ │ └── readme.txt │ │ └── cports │ │ ├── cports.chm │ │ ├── cports.exe │ │ └── readme.txt ├── prefetch │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── WinPrefetchView.exe │ │ ├── WinPrefetchView64.exe │ │ └── readme.txt ├── process │ ├── make.bat │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── driverview-x64 │ │ ├── DriverView.chm │ │ ├── DriverView.exe │ │ └── readme.txt │ │ └── driverview │ │ ├── DriverView.chm │ │ ├── DriverView.exe │ │ └── readme.txt ├── registry │ ├── module.bat │ └── tools │ │ ├── .gitignore │ │ ├── PsGetsid.exe │ │ ├── PsLoggedon.exe │ │ ├── RawCopy.exe │ │ └── RawCopy64.exe ├── session │ ├── module.bat │ └── tools │ │ ├── .gitkeep │ │ ├── PsLoggedon.exe │ │ ├── PsLoggedon64.exe │ │ ├── logonsessions.exe │ │ └── logonsessions64.exe ├── system │ ├── module.bat │ └── tools │ │ └── WinAudit.exe ├── usb │ ├── module.bat │ └── tools │ │ ├── usbdeview-x64 │ │ ├── USBDeview.cfg │ │ ├── USBDeview.chm │ │ ├── USBDeview.exe │ │ └── readme.txt │ │ └── usbdeview │ │ ├── USBDeview.chm │ │ ├── USBDeview.exe │ │ └── readme.txt └── yara_scans │ ├── module.bat │ └── tools │ ├── .gitkeep │ ├── nonrecursive.txt │ ├── recursive.txt │ ├── yara32.exe │ ├── yara64.exe │ ├── yarac32.exe │ └── yarac64.exe ├── templates └── module-name │ ├── make.bat │ ├── module.bat │ └── tools │ └── .gitignore └── util ├── curl.exe ├── exec.bat ├── hashdeep ├── HASHDEEP.txt ├── hashdeep.exe └── hashdeep64.exe ├── log.bat ├── netstat-parser.py ├── read-config.bat ├── timestamp.bat └── yara ├── yara32.exe ├── yara64.exe ├── yarac32.exe └── yarac64.exe /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | output/ 2 | forecopy_handy.log 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/LICENSE -------------------------------------------------------------------------------- /NOTICE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/NOTICE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/README.md -------------------------------------------------------------------------------- /config generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/config generator.py -------------------------------------------------------------------------------- /config.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/config.ini -------------------------------------------------------------------------------- /humans.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/humans.txt -------------------------------------------------------------------------------- /main.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/main.bat -------------------------------------------------------------------------------- /make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/make.bat -------------------------------------------------------------------------------- /modules/activity/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/activity/module.bat -------------------------------------------------------------------------------- /modules/activity/tools/lastactivityview/LastActivityView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/activity/tools/lastactivityview/LastActivityView.chm -------------------------------------------------------------------------------- /modules/activity/tools/lastactivityview/LastActivityView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/activity/tools/lastactivityview/LastActivityView.exe -------------------------------------------------------------------------------- /modules/activity/tools/lastactivityview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/activity/tools/lastactivityview/readme.txt -------------------------------------------------------------------------------- /modules/autostart/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/autostart/make.bat -------------------------------------------------------------------------------- /modules/autostart/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/autostart/module.bat -------------------------------------------------------------------------------- /modules/autostart/tools/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/autostart/tools/.gitignore -------------------------------------------------------------------------------- /modules/browsing/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/module.bat -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview-x64/BrowsingHistoryView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview-x64/BrowsingHistoryView.chm -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview-x64/BrowsingHistoryView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview-x64/BrowsingHistoryView.exe -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview-x64/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview-x64/readme.txt -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview/BrowsingHistoryView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview/BrowsingHistoryView.chm -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview/BrowsingHistoryView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview/BrowsingHistoryView.exe -------------------------------------------------------------------------------- /modules/browsing/tools/browsinghistoryview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/browsinghistoryview/readme.txt -------------------------------------------------------------------------------- /modules/browsing/tools/chromecacheview/ChromeCacheView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/chromecacheview/ChromeCacheView.chm -------------------------------------------------------------------------------- /modules/browsing/tools/chromecacheview/ChromeCacheView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/chromecacheview/ChromeCacheView.exe -------------------------------------------------------------------------------- /modules/browsing/tools/chromecacheview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/chromecacheview/readme.txt -------------------------------------------------------------------------------- /modules/browsing/tools/iecacheview/IECacheView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/iecacheview/IECacheView.chm -------------------------------------------------------------------------------- /modules/browsing/tools/iecacheview/IECacheView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/iecacheview/IECacheView.exe -------------------------------------------------------------------------------- /modules/browsing/tools/iecacheview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/iecacheview/readme.txt -------------------------------------------------------------------------------- /modules/browsing/tools/mozillacacheview/MozillaCacheView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/mozillacacheview/MozillaCacheView.chm -------------------------------------------------------------------------------- /modules/browsing/tools/mozillacacheview/MozillaCacheView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/mozillacacheview/MozillaCacheView.exe -------------------------------------------------------------------------------- /modules/browsing/tools/mozillacacheview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/browsing/tools/mozillacacheview/readme.txt -------------------------------------------------------------------------------- /modules/dirwalk/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/dirwalk/module.bat -------------------------------------------------------------------------------- /modules/disk-image/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/disk-image/module.bat -------------------------------------------------------------------------------- /modules/disk-image/tools/NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/disk-image/tools/NOTICE.txt -------------------------------------------------------------------------------- /modules/events/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/events/module.bat -------------------------------------------------------------------------------- /modules/events/tools/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/events/tools/.gitignore -------------------------------------------------------------------------------- /modules/events/tools/psloglist.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/events/tools/psloglist.exe -------------------------------------------------------------------------------- /modules/events/tools/psloglist64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/events/tools/psloglist64.exe -------------------------------------------------------------------------------- /modules/file_hashing/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/file_hashing/module.bat -------------------------------------------------------------------------------- /modules/file_hashing/tools/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /modules/file_hashing/tools/nonrecursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/file_hashing/tools/nonrecursive.txt -------------------------------------------------------------------------------- /modules/file_hashing/tools/recursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/file_hashing/tools/recursive.txt -------------------------------------------------------------------------------- /modules/file_hashing/tools/sha256deep.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/file_hashing/tools/sha256deep.exe -------------------------------------------------------------------------------- /modules/file_hashing/tools/sha256deep64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/file_hashing/tools/sha256deep64.exe -------------------------------------------------------------------------------- /modules/files/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/files/module.bat -------------------------------------------------------------------------------- /modules/files/tools/forecopy_handy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/files/tools/forecopy_handy.exe -------------------------------------------------------------------------------- /modules/filesystem/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/module.bat -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/ExtractUsnJrnl.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/ExtractUsnJrnl.exe -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/ExtractUsnJrnl64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/ExtractUsnJrnl64.exe -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/docs/LICENSE.md.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/docs/LICENSE.md.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/docs/NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/docs/NOTICE.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/docs/changelog.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/docs/changelog.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/ExtractUsnJrnl/docs/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/ExtractUsnJrnl/docs/readme.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/RawCopy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/RawCopy.exe -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/RawCopy64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/RawCopy64.exe -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/docs/LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/docs/LICENSE.md -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/docs/NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/docs/NOTICE.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/docs/changelog.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/docs/changelog.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/RawCopy/docs/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/RawCopy/docs/readme.txt -------------------------------------------------------------------------------- /modules/filesystem/tools/forecopy_handy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/filesystem/tools/forecopy_handy.exe -------------------------------------------------------------------------------- /modules/hash_checks/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/hash_checks/module.bat -------------------------------------------------------------------------------- /modules/hash_checks/tools/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /modules/hash_checks/tools/nonrecursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/hash_checks/tools/nonrecursive.txt -------------------------------------------------------------------------------- /modules/hash_checks/tools/recursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/hash_checks/tools/recursive.txt -------------------------------------------------------------------------------- /modules/hash_checks/tools/sha256deep.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/hash_checks/tools/sha256deep.exe -------------------------------------------------------------------------------- /modules/hash_checks/tools/sha256deep64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/hash_checks/tools/sha256deep64.exe -------------------------------------------------------------------------------- /modules/memory-files/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/module.bat -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/RawCopy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/RawCopy.exe -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/RawCopy64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/RawCopy64.exe -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/docs/LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/docs/LICENSE.md -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/docs/NOTICE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/docs/NOTICE.txt -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/docs/changelog.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/docs/changelog.txt -------------------------------------------------------------------------------- /modules/memory-files/tools/RawCopy/docs/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/RawCopy/docs/readme.txt -------------------------------------------------------------------------------- /modules/memory-files/tools/forecopy_handy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-files/tools/forecopy_handy.exe -------------------------------------------------------------------------------- /modules/memory-image/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-image/module.bat -------------------------------------------------------------------------------- /modules/memory-image/tools/RamCapture.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-image/tools/RamCapture.exe -------------------------------------------------------------------------------- /modules/memory-image/tools/RamCapture64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-image/tools/RamCapture64.exe -------------------------------------------------------------------------------- /modules/memory-image/tools/RamCaptureDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-image/tools/RamCaptureDriver.sys -------------------------------------------------------------------------------- /modules/memory-image/tools/RamCaptureDriver64.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/memory-image/tools/RamCaptureDriver64.sys -------------------------------------------------------------------------------- /modules/network/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/module.bat -------------------------------------------------------------------------------- /modules/network/tools/cports-x64/cports.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports-x64/cports.chm -------------------------------------------------------------------------------- /modules/network/tools/cports-x64/cports.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports-x64/cports.exe -------------------------------------------------------------------------------- /modules/network/tools/cports-x64/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports-x64/readme.txt -------------------------------------------------------------------------------- /modules/network/tools/cports/cports.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports/cports.chm -------------------------------------------------------------------------------- /modules/network/tools/cports/cports.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports/cports.exe -------------------------------------------------------------------------------- /modules/network/tools/cports/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/network/tools/cports/readme.txt -------------------------------------------------------------------------------- /modules/prefetch/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/prefetch/module.bat -------------------------------------------------------------------------------- /modules/prefetch/tools/.gitignore: -------------------------------------------------------------------------------- 1 | *.cfg 2 | test/ -------------------------------------------------------------------------------- /modules/prefetch/tools/WinPrefetchView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/prefetch/tools/WinPrefetchView.exe -------------------------------------------------------------------------------- /modules/prefetch/tools/WinPrefetchView64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/prefetch/tools/WinPrefetchView64.exe -------------------------------------------------------------------------------- /modules/prefetch/tools/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/prefetch/tools/readme.txt -------------------------------------------------------------------------------- /modules/process/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/make.bat -------------------------------------------------------------------------------- /modules/process/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/module.bat -------------------------------------------------------------------------------- /modules/process/tools/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/.gitignore -------------------------------------------------------------------------------- /modules/process/tools/driverview-x64/DriverView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview-x64/DriverView.chm -------------------------------------------------------------------------------- /modules/process/tools/driverview-x64/DriverView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview-x64/DriverView.exe -------------------------------------------------------------------------------- /modules/process/tools/driverview-x64/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview-x64/readme.txt -------------------------------------------------------------------------------- /modules/process/tools/driverview/DriverView.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview/DriverView.chm -------------------------------------------------------------------------------- /modules/process/tools/driverview/DriverView.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview/DriverView.exe -------------------------------------------------------------------------------- /modules/process/tools/driverview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/process/tools/driverview/readme.txt -------------------------------------------------------------------------------- /modules/registry/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/module.bat -------------------------------------------------------------------------------- /modules/registry/tools/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/tools/.gitignore -------------------------------------------------------------------------------- /modules/registry/tools/PsGetsid.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/tools/PsGetsid.exe -------------------------------------------------------------------------------- /modules/registry/tools/PsLoggedon.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/tools/PsLoggedon.exe -------------------------------------------------------------------------------- /modules/registry/tools/RawCopy.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/tools/RawCopy.exe -------------------------------------------------------------------------------- /modules/registry/tools/RawCopy64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/registry/tools/RawCopy64.exe -------------------------------------------------------------------------------- /modules/session/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/session/module.bat -------------------------------------------------------------------------------- /modules/session/tools/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /modules/session/tools/PsLoggedon.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/session/tools/PsLoggedon.exe -------------------------------------------------------------------------------- /modules/session/tools/PsLoggedon64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/session/tools/PsLoggedon64.exe -------------------------------------------------------------------------------- /modules/session/tools/logonsessions.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/session/tools/logonsessions.exe -------------------------------------------------------------------------------- /modules/session/tools/logonsessions64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/session/tools/logonsessions64.exe -------------------------------------------------------------------------------- /modules/system/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/system/module.bat -------------------------------------------------------------------------------- /modules/system/tools/WinAudit.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/system/tools/WinAudit.exe -------------------------------------------------------------------------------- /modules/usb/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/module.bat -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview-x64/USBDeview.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview-x64/USBDeview.cfg -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview-x64/USBDeview.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview-x64/USBDeview.chm -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview-x64/USBDeview.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview-x64/USBDeview.exe -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview-x64/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview-x64/readme.txt -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview/USBDeview.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview/USBDeview.chm -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview/USBDeview.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview/USBDeview.exe -------------------------------------------------------------------------------- /modules/usb/tools/usbdeview/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/usb/tools/usbdeview/readme.txt -------------------------------------------------------------------------------- /modules/yara_scans/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/module.bat -------------------------------------------------------------------------------- /modules/yara_scans/tools/.gitkeep: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /modules/yara_scans/tools/nonrecursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/nonrecursive.txt -------------------------------------------------------------------------------- /modules/yara_scans/tools/recursive.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/recursive.txt -------------------------------------------------------------------------------- /modules/yara_scans/tools/yara32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/yara32.exe -------------------------------------------------------------------------------- /modules/yara_scans/tools/yara64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/yara64.exe -------------------------------------------------------------------------------- /modules/yara_scans/tools/yarac32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/yarac32.exe -------------------------------------------------------------------------------- /modules/yara_scans/tools/yarac64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/modules/yara_scans/tools/yarac64.exe -------------------------------------------------------------------------------- /templates/module-name/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/templates/module-name/make.bat -------------------------------------------------------------------------------- /templates/module-name/module.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/templates/module-name/module.bat -------------------------------------------------------------------------------- /templates/module-name/tools/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/templates/module-name/tools/.gitignore -------------------------------------------------------------------------------- /util/curl.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/curl.exe -------------------------------------------------------------------------------- /util/exec.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/exec.bat -------------------------------------------------------------------------------- /util/hashdeep/HASHDEEP.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/hashdeep/HASHDEEP.txt -------------------------------------------------------------------------------- /util/hashdeep/hashdeep.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/hashdeep/hashdeep.exe -------------------------------------------------------------------------------- /util/hashdeep/hashdeep64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/hashdeep/hashdeep64.exe -------------------------------------------------------------------------------- /util/log.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/log.bat -------------------------------------------------------------------------------- /util/netstat-parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/netstat-parser.py -------------------------------------------------------------------------------- /util/read-config.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/read-config.bat -------------------------------------------------------------------------------- /util/timestamp.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/timestamp.bat -------------------------------------------------------------------------------- /util/yara/yara32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/yara/yara32.exe -------------------------------------------------------------------------------- /util/yara/yara64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/yara/yara64.exe -------------------------------------------------------------------------------- /util/yara/yarac32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/yara/yarac32.exe -------------------------------------------------------------------------------- /util/yara/yarac64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/counteractive/incident-response-collector/HEAD/util/yara/yarac64.exe --------------------------------------------------------------------------------