{"id":20822008,"url":"https://github.com/mikehorn-git/wafs","last_synced_at":"2025-06-15T15:05:34.741Z","repository":{"id":190465640,"uuid":"682689367","full_name":"MikeHorn-git/WAFS","owner":"MikeHorn-git","description":"Hardened your Windows OS against forensics analysis","archived":false,"fork":false,"pushed_at":"2024-11-27T08:47:24.000Z","size":89,"stargazers_count":21,"open_issues_count":1,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-31T11:51:14.152Z","etag":null,"topics":["anti-forensics","forensics","hardening","windows"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MikeHorn-git.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-24T18:01:01.000Z","updated_at":"2025-03-28T21:08:53.000Z","dependencies_parsed_at":"2024-05-18T21:31:47.514Z","dependency_job_id":"6892cdae-9ea8-49a8-9a2f-2876a8b084fb","html_url":"https://github.com/MikeHorn-git/WAFS","commit_stats":null,"previous_names":["mikehorn-git/wafs"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeHorn-git%2FWAFS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeHorn-git%2FWAFS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeHorn-git%2FWAFS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MikeHorn-git%2FWAFS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MikeHorn-git","download_url":"https://codeload.github.com/MikeHorn-git/WAFS/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252914204,"owners_count":21824328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-forensics","forensics","hardening","windows"],"created_at":"2024-11-17T22:13:42.401Z","updated_at":"2025-05-07T16:25:49.908Z","avatar_url":"https://github.com/MikeHorn-git.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Windows Anti-Forensics Script\n\n![BlackWindows](https://github.com/MikeHorn-git/WAFS/assets/123373126/1667f6e9-273a-4f02-b242-d95659ed76e0)\n\n# ⚠️ Warning\nBackup your data and your registry before.\n\n# Description\nWindows Anti-Forensics Script (WAFS) aim to make forensics investigations on a Windows OS more difficult. WAFS allow you to clean/disable certain files, services, registry keys. And WAFS provide some anti-forensics tools to improve countering forensics analysis.\n\n# Installation\n```bash\nInvoke-WebRequest https://raw.githubusercontent.com/MikeHorn-git/WAFS/main/WAFS.ps1 -Outfile WAFS.ps1\n#Run Powershell with administrator privilege\n.\\WAFS.ps1\n```\n\n# Usage\n```bash\n██╗    ██╗ █████╗ ███████╗███████╗\n██║    ██║██╔══██╗██╔════╝██╔════╝\n██║ █╗ ██║███████║█████╗  ███████╗\n██║███╗██║██╔══██║██╔══╝  ╚════██║\n╚███╔███╔╝██║  ██║██║     ███████║\n ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝     ╚══════╝\n                                  \nWindows Anti-Forensics Script\n\nSyntax: wafs.ps1 -[all|anti|tools]\noptions:\n-all                Install both features.\n-anti               Disable and clear certains windows features and parameters for anti-forensics.\n-tools              Install anti-forensics tools.\n-disable            Only disable windows features without cleaning\n-clean              Only clean\n\n```\n\n# Features\n* Clean\n   * Chrome cache - history - session restore\n   * DNS cache\n   * Edge cache - history\n   * Firefox cache - history\n   * Internet Explorer cache - history - session restore\n   * Last-Visited MRU\n   * OpenSave MRU\n   * Plug and Play logs\n   * PowerShell history\n   * Prefetch\n   * Recent items\n   * RecycleBin\n   * Run command history\n   * Shadow copies\n   * Shellbags\n   * Simcache\n   * System Resource Usage Monitor\n   * Tempory files\n   * Thumbcache\n   * USB history\n   * User Assist\n   * VPN cache\n   * Windows Timeline\n  \n* Disable\n  * Keylogger\n  * NTFS Last Acces Time\n  * Prefetch\n  * Shadow Copies\n  * Shellbags\n  * User Assist\n  * UsnJrnl\n  * Windows Event Logs\n  * Windows Timeline\n\n* Remove\n  * Cortana\n\n# Tools\n* [Bleachbit](https://www.bleachbit.org/)\n* [BusKill](https://github.com/BusKill/buskill-app)\n* [ClamAV](https://www.clamav.net/)\n* [Delete-self-poc](https://github.com/LloydLabs/delete-self-poc)\n* [ExivPilot](https://www.colorpilot.com/)\n* [KeePassXC](https://keepassxc.org/)\n* [SDelete](https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete)\n* [TimeStomper](https://github.com/slyd0g/TimeStomper)\n* [USBSentinel](https://github.com/thereisnotime/xxUSBSentinel/)\n* [VeraCrypt](https://www.veracrypt.fr/en/Home.html)\n\n# Credits\n* [Awesome anti-forensic](https://github.com/shadawck/awesome-anti-forensic)\n* [Background](https://wallpapercave.com/wp/wp3438728.jpg)\n* [Sans Forensics](https://www.sans.org/posters/windows-forensic-analysis/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikehorn-git%2Fwafs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikehorn-git%2Fwafs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikehorn-git%2Fwafs/lists"}