autoruns

Kansa: Get-LogparserStack.ps1

Kansa: Get-LogparserStack.ps1

| | autoruns, frequency analysis, Kansa, least frequent occurrence, Logparser, stack ranking, stacking
Kansa is an incident response framework written in PowerShell, useful for data collection and analysis. Most of the analysis capabilities in Kansa require Logparser, which is a very handy tool for creating ...
trustedsignal -- blog
Kansa: Get-AutorunscDeep.ps1 -- Taking Autorunsc to 11

Kansa: Get-AutorunscDeep.ps1 — Taking Autorunsc to 11

| | asep, autoruns, DFIR, entropy, Get-AutorunscDeep.ps1, IR, Kansa, persistence
I wanted to put up a quick post about a new Kansa collector I recently added -- Get-AutorunscDeep.ps1. Sysinternals' Autoruns is a great utility for finding auto-start extension points in Windows and ...
trustedsignal -- blog
Kansa: Service related collectors and analysis

Kansa: Service related collectors and analysis

| | aseps, autoruns, DFIR, Failures, frequency analysis, Kansa, services, stack ranking, stacking, triggers
In my previous post on Kansa's Autoruns collectors and analysis scripts, I mentioned that the Get-Aurounsc.ps1 collector relies on Sysinternals' Autorunsc.exe to collect data on all of the Autostart Extension Points (ASEPs) that ...
trustedsignal -- blog
Kansa: Autoruns data and analysis

Kansa: Autoruns data and analysis

| | aseps, autoruns, DFIR, Kansa
I want your input.With the "Trailer Park" release of Kansa marking a milestone for the core framework, I'm turning my focus to analysis scripts for data collected by the current set of modules. As of ...
trustedsignal -- blog