EricZimmermanToolAutomation
Two scripts to automate the running of Eric Zimmerman tools for DFIR investigations
Eric Zimmerman Tool Automation
There are two scripts in this folder. The first is Get-EricZimmermanToolAnalysis.ps1, which runs eight different Eric Zimmerman tools against a forensic image.
The second is Get-UniqueEventIDs.ps1, an optional second-stage script that parses the event log output generated by EvtxECmd and extracts all 'interesting' events. The selection is based on all of the Event IDs identified on the SANS Hunt Evil poster, plus a few from personal experience, and the list can be expanded should you want to customize it.
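The second-stage filtering described above, as an added example that is not the repository's own script. It assumes EvtxECmd's CSV output carries the columns TimeCreated, EventId, Channel, Computer and MapDescription, and the per-channel Event ID table is an illustrative subset of Hunt Evil style IDs, not the script's list.

```powershell
# Added example, not Get-UniqueEventIDs.ps1. Column names assumed from EvtxECmd CSV output.
# The Event ID table is an illustrative subset; extend it per channel for your own triage.
$InterestingEventIds = @{
    'Security' = @(1102, 4624, 4625, 4648, 4672, 4688, 4697, 4698, 4720, 4728, 4732, 4756)
    'System'   = @(104, 7034, 7036, 7045)
    'Microsoft-Windows-TaskScheduler/Operational' = @(106, 140, 141, 200, 201)
    'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational' = @(21, 22, 24, 25)
}

function Get-InterestingEvents {
    param(
        [Parameter(Mandatory)] [string]$CsvPath,
        [hashtable]$EventIdsByChannel = $InterestingEventIds
    )
    # Stream rows through the pipeline; EvtxECmd output for a whole image can be very large.
    Import-Csv -Path $CsvPath | ForEach-Object {
        $channel = $_.Channel
        $id = 0
        # Match on channel first so the same numeric ID in an unrelated log is not picked up.
        if ($EventIdsByChannel.ContainsKey($channel) -and
            [int]::TryParse($_.EventId, [ref]$id) -and
            $EventIdsByChannel[$channel] -contains $id) {
            [pscustomobject]@{
                TimeCreated    = $_.TimeCreated
                Computer       = $_.Computer
                Channel        = $channel
                EventId        = $id
                MapDescription = $_.MapDescription
            }
        }
    }
}

# Constructed sample rows using a subset of EvtxECmd's columns, so the function runs offline.
$sample = @'
TimeCreated,EventId,Channel,Computer,MapDescription
2024-01-15 09:12:01,4624,Security,WKS01,Successful logon
2024-01-15 09:12:05,4689,Security,WKS01,Process exited
2024-01-15 09:13:40,7045,System,WKS01,Service installed
2024-01-15 09:14:02,106,Microsoft-Windows-TaskScheduler/Operational,WKS01,Task registered
2024-01-15 09:14:10,7036,System,WKS01,Service state change
'@
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'evtxecmd_sample.csv'
Set-Content -Path $tmp -Value $sample

# Only the 4624, 7045, 106 and 7036 rows survive the filter; 4689 is dropped.
Get-InterestingEvents -CsvPath $tmp | Sort-Object TimeCreated | Format-Table -AutoSize
```

Point the function at the EvtxECmd CSV produced by the first-stage script and pipe the result to Export-Csv to keep a timeline of the matched events.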
