Add: jklepsercyber/defender-detectionhistory-parser to DFIR section

2025-01-10 15:19:28 -05:00 · 2022-01-10 10:31:46 +07:00 · 2022-01-10 10:31:46 +07:00 · 17e4d71e07
commit 17e4d71e07
parent ee389c975c
1 changed files with 4 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1545,6 +1545,10 @@ This repository is created as an online bookmark for useful links, resources and
        <td><a href="https://github.com/jimtin/IRCoreForensicFramework">jimtin/IRCoreForensicFramework</a></td>
        <td>Powershell 7 (Powershell Core)/ C# cross platform forensic framework. Built by incident responders for incident responders.</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/jklepsercyber/defender-detectionhistory-parser">jklepsercyber/defender-detectionhistory-parser</a></td>
+        <td>A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/JPCERTCC/LogonTracer">JPCERTCC/LogonTracer</a></td>
        <td>Investigate malicious Windows logon by visualizing and analyzing Windows event log</td>