DFIRT (DFIR Tool)
Collects information from a Windows PC during incident response.
DFIRT is a PowerShell script. It collects information on:
- recently used files,
- suspicious Event IDs,
- PowerShell history for all sessions,
- files opened directly from Windows Explorer,
- network-related running services,
- free disk space,
- Internet connectivity information,
- safe DLL search mode,
- last boot up time,
- user accounts list from SID,
- computer name, current build, ID,
- current user language settings,
- Windows Defender Status,
- current Admin Approval Mode policy,
- domain,
- non-default folders in Program Files.
How to use:
1. Download the dfirt.ps1 script.
2. Start Windows PowerShell.
3. Go to the DFIR folder.
4. Type .\dfirt.ps1 and press Enter.
5. DFIRT will start collecting information and save it in the report.txt file.
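To check a few of the listed items by hand, the following added example (not code from dfirt.ps1) reads safe DLL search mode, the Admin Approval Mode policy, the user accounts by SID and the last boot time. The helper name Get-RegValue and the output layout are assumptions made for this example.

```powershell
# Added illustration, not taken from dfirt.ps1. Run in Windows PowerShell.
function Get-RegValue {   # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$uacPolicy  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$profiles   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Safe DLL search mode: an absent value means the default (enabled);
# an explicit 0 means it was turned off and deserves a closer look.
$safeDll      = Get-RegValue $sessionMgr 'SafeDllSearchMode'
$safeDllState = if ($null -eq $safeDll -or $safeDll -ne 0) { 'Enabled' } else { 'Disabled' }

# Admin Approval Mode: EnableLUA applies to all administrators,
# FilterAdministratorToken to the built-in Administrator account.
$enableLua   = Get-RegValue $uacPolicy 'EnableLUA'
$filterToken = Get-RegValue $uacPolicy 'FilterAdministratorToken'

# User accounts from SID: each ProfileList subkey is named after a SID.
$accounts = Get-ChildItem $profiles | ForEach-Object {
    $key = $_
    $sid = $key.PSChildName
    try {
        $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $name = $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Deleted account, unreachable domain, or a leftover key such as "<SID>.bak".
        $name = '<unresolved>'
    }
    [pscustomobject]@{
        SID         = $sid
        Account     = $name
        ProfilePath = Get-RegValue $key.PSPath 'ProfileImagePath'
    }
}

[pscustomobject]@{
    SafeDllSearchMode        = $safeDllState
    EnableLUA                = $enableLua
    FilterAdministratorToken = $filterToken
    LastBootUpTime           = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
} | Format-List

$accounts | Format-Table -AutoSize
```

A SID that shows as unresolved but still has a profile path usually points to an account that was deleted after it had logged on.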