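# PSGumshoe module loader.
#
# Every function file is dot-sourced into the module scope by an explicit,
# hand-maintained path list rooted at $PSScriptRoot. No Get-ChildItem / glob
# is used on purpose: only the files named here are executed, so a stray
# .ps1 dropped into the module directory is not silently loaded.
#
# NOTE(review): PrivateFunctions.ps1 is dot-sourced into the same scope as
# the public cmdlets; whether its helpers are exported depends on the
# manifest's FunctionsToExport (not visible here) - confirm it is not '*'.
#
# Each file below is listed exactly once; a second dot-source of the same
# file just redefines the same functions and is wasted work at import time.

# Directory Service Functions
#-----------------------------
. $PSScriptRoot\DirectoryService\PrivateFunctions.ps1
. $PSScriptRoot\DirectoryService\Get-DSForest.ps1
. $PSScriptRoot\DirectoryService\Get-DSDirectoryEntry.ps1
. $PSScriptRoot\DirectoryService\Get-DSDirectorySearcher.ps1
. $PSScriptRoot\DirectoryService\Get-DSComputer.ps1
. $PSScriptRoot\DirectoryService\Get-DSDomain.ps1
. $PSScriptRoot\DirectoryService\Get-DSGpo.ps1
. $PSScriptRoot\DirectoryService\Get-DSUser.ps1
. $PSScriptRoot\DirectoryService\Get-DSReplicationAttribute.ps1
. $PSScriptRoot\DirectoryService\Get-DSGroup.ps1
. $PSScriptRoot\DirectoryService\Get-DSGroupMember.ps1
. $PSScriptRoot\DirectoryService\Get-DSOU.ps1
. $PSScriptRoot\DirectoryService\Get-DSTrust.ps1
. $PSScriptRoot\DirectoryService\Get-DSObjectAcl.ps1

# Volatile Information Functions
#-----------------------------
# Get-InjectedThread and Stop-Thread are intentionally left disabled here;
# uncomment to load them.
#. $PSScriptRoot\Volatile\Get-InjectedThread.ps1
. $PSScriptRoot\Volatile\Get-LogonSession.ps1
. $PSScriptRoot\Volatile\Get-NamedPipe.ps1
#. $PSScriptRoot\Volatile\Stop-Thread.ps1

# Analysis Functions
#-----------------------------
. $PSScriptRoot\Analysis\Measure-CharacterFrequency.ps1
. $PSScriptRoot\Analysis\Measure-DamerauLevenshteinDistance.ps1
. $PSScriptRoot\Analysis\Measure-VectorSimilarity.ps1

# Event Log Functions
#-----------------------------
# Shared helpers (XPath filter builder, record converters) come first so the
# Get-*/Search-* cmdlets that depend on them are defined after them.
. $PSScriptRoot\EventLog\Get-EventPsEngineState.ps1
. $PSScriptRoot\EventLog\Get-EventPsIPC.ps1
. $PSScriptRoot\EventLog\Get-EventPsPipeline.ps1
. $PSScriptRoot\EventLog\Get-EventPsScriptCommandExec.ps1
. $PSScriptRoot\EventLog\Get-EventPsScriptBlock.ps1
. $PSScriptRoot\EventLog\Get-WinEventBaseXPathFilter.ps1
. $PSScriptRoot\EventLog\ConvertFrom-SysmonEventLogRecord.ps1
. $PSScriptRoot\EventLog\ConvertFrom-EventEventXMLRecord.ps1
. $PSScriptRoot\EventLog\Get-SysmonProcessAccess.ps1
. $PSScriptRoot\EventLog\Get-SysmonConfigChange.ps1
. $PSScriptRoot\EventLog\Get-SysmonConnectNamedPipe.ps1
. $PSScriptRoot\EventLog\Get-SysmonCreateNamedPipe.ps1
. $PSScriptRoot\EventLog\Get-SysmonCreateRemoteThreadEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonDriverLoadEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonFileCreateEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonFileStreamHash.ps1
. $PSScriptRoot\EventLog\Get-SysmonFileTime.ps1
. $PSScriptRoot\EventLog\Get-SysmonImageLoadEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonNetworkConnect.ps1
. $PSScriptRoot\EventLog\Get-SysmonProcessCreateEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonProcessTampering.ps1
. $PSScriptRoot\EventLog\Get-SysmonProcessTerminateEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonRawAccessRead.ps1
. $PSScriptRoot\EventLog\Get-SysmonRegistryKey.ps1
. $PSScriptRoot\EventLog\Get-SysmonRegistryRename.ps1
. $PSScriptRoot\EventLog\Get-SysmonRegistrySetValue.ps1
. $PSScriptRoot\EventLog\Get-SysmonClipboardChange.ps1
. $PSScriptRoot\EventLog\Get-SysmonWmiBinding.ps1
. $PSScriptRoot\EventLog\Get-SysmonWmiConsumer.ps1
. $PSScriptRoot\EventLog\Get-SysmonWmiFilter.ps1
. $PSScriptRoot\EventLog\Get-SysmonDNSQuery.ps1
. $PSScriptRoot\EventLog\Get-SysmonFileDeleteDetectedEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonError.ps1
. $PSScriptRoot\EventLog\Search-SysmonEvent.ps1
. $PSScriptRoot\EventLog\Get-SysmonProcessActivityEvent.ps1
. $PSScriptRoot\EventLog\Search-EventLogEventData.ps1
. $PSScriptRoot\EventLog\Search-EventLogEventXML.ps1
. $PSScriptRoot\EventLog\ConvertFrom-EventLogonRecord.ps1
. $PSScriptRoot\EventLog\Get-EventSystemLogon.ps1
. $PSScriptRoot\EventLog\Get-EventSystemLogoff.ps1
. $PSScriptRoot\EventLog\Get-EventTerminalLogon.ps1
. $PSScriptRoot\EventLog\Get-EventTerminalLogoff.ps1
. $PSScriptRoot\EventLog\Get-EventScheduledTaskStart.ps1
. $PSScriptRoot\EventLog\Get-EventScheduledTaskProcess.ps1
. $PSScriptRoot\EventLog\Get-EventScheduledTaskStop.ps1
. $PSScriptRoot\EventLog\Get-EventScheduledTaskComplete.ps1
. $PSScriptRoot\EventLog\Get-EventBitsTransferComplete.ps1
. $PSScriptRoot\EventLog\Get-EventBitsTransferStart.ps1
. $PSScriptRoot\EventLog\Get-SysmonAccessMask.ps1
. $PSScriptRoot\EventLog\Get-SysmonRuleHash.ps1
. $PSScriptRoot\EventLog\Get-EventProcessCreate.ps1
. $PSScriptRoot\EventLog\ConvertTo-SysmonRule.ps1
# Clear-WinEvent is destructive (clears event logs); it is loaded like any
# other cmdlet here, so access to this module on a host implies the ability
# to wipe logs.
. $PSScriptRoot\EventLog\Clear-WinEvent.ps1
. $PSScriptRoot\EventLog\Export-WinEvent.ps1
. $PSScriptRoot\EventLog\Get-EventWmiProviderStart.ps1
. $PSScriptRoot\EventLog\Get-EventWmiOperationFailure.ps1
. $PSScriptRoot\EventLog\Search-EventLogUserData.ps1
. $PSScriptRoot\EventLog\Get-EventWmiTemporaryEvent.ps1
. $PSScriptRoot\EventLog\Get-EventWmiPermanentEvent.ps1
. $PSScriptRoot\EventLog\Get-EventWmiObjectAccess.ps1

# CIM Collection Functions
#-------------------------
. $PSScriptRoot\CIM\Get-CimLogonSession.ps1
. $PSScriptRoot\CIM\Get-CimProcessLogonSession.ps1
. $PSScriptRoot\CIM\Get-CimProcess.ps1
. $PSScriptRoot\CIM\Get-CimComputerInfo.ps1
. $PSScriptRoot\CIM\Get-CimDNSCache.ps1
. $PSScriptRoot\CIM\Get-CimNetLogon.ps1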