From a1a723cd8f08b65c3ba691fa7782b13e6ba9ce32 Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 6 Apr 2020 11:39:43 +0200 Subject: [PATCH] Add Invoke-LiveResponse to Windows live collection --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 03b386c..c8a1e08 100644 --- a/README.md +++ b/README.md @@ -242,6 +242,7 @@ Digital Forensics and Incident Response (DFIR) teams are groups of people in an * [Fast Evidence Collector Toolkit (FECT)](https://github.com/jipegit/FECT) - Light incident response toolkit to collect evidences on a suspicious Windows computer. Basically it is intended to be used by non-tech savvy people working with a journeyman Incident Handler. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [IREC](https://binalyze.com/products/irec-free/) - All-in-one IR Evidence Collector which captures RAM Image, $MFT, EventLogs, WMI Scripts, Registry Hives, System Restore Points and much more. It is FREE, lightning fast and easy to use. +* [Invoke-LiveResponse](https://github.com/mgreen27/Invoke-LiveResponse) - Invoke-LiveResponse is a live response tool for targeted collection. * [IOC Finder](https://www.fireeye.com/services/freeware/ioc-finder.html) - Free tool from Mandiant for collecting host system data and reporting the presence of Indicators of Compromise (IOCs). Support for Windows only. * [Fidelis ThreatScanner](https://www.fidelissecurity.com/resources/fidelis-threatscanner) - Free tool from Fidelis Cybersecurity that uses OpenIOC and YARA rules to report on the state of an endpoint. The user provides OpenIOC and YARA rules and executes the tool. ThreatScanner measures the state of the system and, when the run is complete, a report for any matching rules is generated. Windows Only. * [LOKI](https://github.com/Neo23x0/Loki) - Free IR scanner for scanning endpoint with yara rules and other indicators(IOCs).
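Review bot: The description on the added `+* [Invoke-LiveResponse]` line restates the tool name ("Invoke-LiveResponse is a live response tool for targeted collection.") and says less than its neighbours do about what is collected; the IREC entry just above, for example, lists the artifacts it captures. Suggest dropping the repeated name and starting with the description, as the adjacent entries do, e.g. "Live response tool for targeted collection.", and adding a short phrase on what "targeted collection" covers if the project documents it. On placement: the entry sits between IREC and IOC Finder. The visible context is not strictly alphabetical (IREC precedes IOC Finder, and Fidelis ThreatScanner follows it), so this is consistent with the current state of the list, but if the section is meant to be sorted, "Invoke-LiveResponse" would go before both IOC Finder and IREC.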