← All tools

dfir-orc

https://dfir-orc.github.io

Open Source

Categories

Forensics

Description

Forensics artefact collection tool for systems running Microsoft Windows

Keywords

collection dfir incident-response c++

Screenshots

Example Usage

winget install Microsoft.Git

# Copy .vsconfig file or clone the repository and install Visual Studio
git clone --recursive https://github.com/dfir-orc/dfir-orc.git
cd dfir-orc
winget install --id Microsoft.VisualStudio.2022.BuildTools --override "--passive --config .vsconfig"

Import-Module "C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\Common7\Tools\Microsoft.VisualStudio.DevShell.dll"
Enter-VsDevShell -VsInstallPath "C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools" -SkipAutomaticLocation

.\Build-Orc.ps1  # Powershell >=5.1