BCWHSendpointIR.psm1


<#PSScriptInfo
 
.VERSION 1.1
 
.GUID 0b8519aa-b3da-46a5-8f6b-3f54caf9abd9
 
.AUTHOR WadeBach22
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
Black Cat White Hit Security Presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
 
#>


<#
 
.DESCRIPTION
 Black Cat White Hit Security Presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
 
#>
 
# Empty module-level parameter block: the module accepts no arguments on import.
Param()


function Get-BCWHScheckIRProcess {
  <#
  .SYNOPSIS
  Lists running processes ordered by working set (WS), largest first.
  #>
  [CmdletBinding()]
  param()
  $running = Get-Process
  $running | Sort-Object -Property WS -Descending
}

function Get-BCWHScheckIRCounter {
  <#
  .SYNOPSIS
  Samples performance counters using Get-Counter's default counter set and sample count.
  #>
  [CmdletBinding()]
  param()
  Get-Counter
}

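function Get-BCWHScheckIRAppLogs {
  <#
  .SYNOPSIS
  Returns the newest entries of the Application event log.
  .PARAMETER Newest
  Number of most recent entries to return. Defaults to 500, the value the
  original hard-coded, so existing callers see no change.
  .OUTPUTS
  Objects with MachineName, TimeGenerated, EntryType, Source and Message.
  .NOTES
  Get-EventLog is a Windows PowerShell cmdlet and is not available in
  PowerShell 7+, where Get-WinEvent -LogName Application is the equivalent.
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )
  Get-EventLog -LogName 'Application' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message
}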

function Get-BCWHScheckIRServices {
  <#
  .SYNOPSIS
  Lists every service with its name, display name, current status and start type.
  #>
  [CmdletBinding()]
  param()
  $columns = 'Name', 'DisplayName', 'Status', 'StartType'
  Get-Service | Select-Object -Property $columns
}

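function Get-BCWHScheckIRNetwork {
  <#
  .SYNOPSIS
  Lists TCP connections with their endpoints, state and owning process.
  .DESCRIPTION
  Wraps Get-NetTCPConnection. Besides the creation time and local/remote
  endpoints the original returned, the output now also carries State and
  OwningProcess, so a connection can be tied back to a PID (for example by
  matching against Get-BCWHScheckIRProcess) without a second query. The
  original property names are kept, so existing callers are unaffected.
  #>
  [CmdletBinding()]
  param()
  Get-NetTCPConnection |
    Select-Object -Property CreationTime, LocalAddress, LocalPort,
      RemoteAddress, RemotePort, State, OwningProcess
}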

function Get-BCWHScheckIRTasks {
  <#
  .SYNOPSIS
  Returns every registered scheduled task as reported by Get-ScheduledTask.
  #>
  [CmdletBinding()]
  param()
  Get-ScheduledTask
}

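function Get-BCWHScheckIRListUsers {
  <#
  .SYNOPSIS
  Lists the members of the local Administrators group.
  .DESCRIPTION
  Resolves the group by its well-known SID (S-1-5-32-544, BUILTIN\Administrators)
  instead of the English name "Administrators", so the check also works on
  localized Windows installations where the group has a different display name.
  #>
  [CmdletBinding()]
  param()
  Get-LocalGroupMember -SID 'S-1-5-32-544'
}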

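function Get-BCWHScheckIRUsers {
  <#
  .SYNOPSIS
  Returns the Win32_ComputerSystem instance for this host.
  .DESCRIPTION
  Despite the function name, this does not enumerate user accounts; it returns
  the computer-system CIM object, whose UserName property reports the
  interactively logged-on user alongside host, domain and hardware details.
  .NOTES
  The original source carried a corrupted character where the dash of the
  -ClassName parameter should be, which prevented the call from parsing; this
  version spells the parameter name out literally.
  #>
  [CmdletBinding()]
  param()
  Get-CimInstance -ClassName Win32_ComputerSystem
}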

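function Get-BCWHScheckIRSoftware {
  <#
  .SYNOPSIS
  Returns MsiInstaller events with ID 1033 (the provider's product-installation records).
  .DESCRIPTION
  Filters on provider and event ID in the query itself (-FilterHashtable)
  rather than pulling every MsiInstaller event and filtering in PowerShell.
  The original piped the result through Format-List, which emits formatting
  records that cannot be filtered, sorted or exported further down a
  pipeline; the TimeCreated/Message objects are now returned as-is, and a
  caller that wants the list view can append "| Format-List" itself.
  .OUTPUTS
  Objects with TimeCreated and Message.
  .NOTES
  Get-WinEvent reports an error when no matching events exist; that
  behaviour is unchanged from the original.
  #>
  [CmdletBinding()]
  param()
  Get-WinEvent -FilterHashtable @{ ProviderName = 'MsiInstaller'; Id = 1033 } |
    Select-Object -Property TimeCreated, Message
}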

function Get-BCWHScheckIRBLStatus {
  <#
  .SYNOPSIS
  Prints BitLocker status for all volumes using the manage-bde command-line tool.
  .NOTES
  manage-bde is an external executable, so the result is its text output rather
  than objects; Get-BCWHScheckIRBLVolume is the object-returning alternative.
  #>
  [CmdletBinding()]
  param()
  & manage-bde -status
}

function Get-BCWHScheckIRBLVolume {
  <#
  .SYNOPSIS
  Returns BitLocker volume objects for every volume, as reported by Get-BitLockerVolume.
  #>
  [CmdletBinding()]
  param()
  Get-BitLockerVolume
}

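function Get-BCWHScheckIRSecurityLogs {
  <#
  .SYNOPSIS
  Returns the newest entries of the Security event log.
  .PARAMETER Newest
  Number of most recent entries to return. Defaults to 500, the value the
  original hard-coded, so existing callers see no change.
  .OUTPUTS
  Objects with MachineName, TimeGenerated, EntryType, Source and Message.
  .NOTES
  Reading the Security log requires elevated privileges. Get-EventLog is a
  Windows PowerShell cmdlet and is not available in PowerShell 7+, where
  Get-WinEvent -LogName Security is the equivalent.
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )
  Get-EventLog -LogName 'Security' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message
}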

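function Get-BCWHScheckIRSystemLogs {
  <#
  .SYNOPSIS
  Returns the newest entries of the System event log.
  .PARAMETER Newest
  Number of most recent entries to return. Defaults to 500, the value the
  original hard-coded, so existing callers see no change.
  .OUTPUTS
  Objects with MachineName, TimeGenerated, EntryType, Source and Message.
  .NOTES
  Get-EventLog is a Windows PowerShell cmdlet and is not available in
  PowerShell 7+, where Get-WinEvent -LogName System is the equivalent.
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )
  Get-EventLog -LogName 'System' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message
}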