PSRecon
A PowerShell script for live forensic data acquisition and endpoint lockdown during Windows incident response.
What is PSRecon?
PSRecon is a PowerShell script for live forensic data acquisition from Windows systems during security incidents. It collects system data, organizes evidence, and can quarantine compromised hosts to prevent malware spread. The tool is designed for rapid response, helping security teams gather critical information before isolating affected endpoints.
Incident responders, security analysts, and IT teams managing Windows environments who need to quickly investigate and contain security breaches. It's particularly useful for organizations with active defense frameworks or SIEM integrations.
Developers choose PSRecon for its automation of forensic data collection and endpoint lockdown in a single, self-contained script. It reduces manual effort during crises, provides integrity via hashing, and offers flexible output options without requiring a centralized server.
Overview
:rocket: PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
