Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mikehorn-git/wafs

Windows Anti-Forensics Script (WAFS) hardened your Windows OS against forensics analysis.
https://github.com/mikehorn-git/wafs

anti-forensics forensics hardening powershell security windows

Last synced: about 10 hours ago
JSON representation

Windows Anti-Forensics Script (WAFS) hardened your Windows OS against forensics analysis.

Host: GitHub
URL: https://github.com/mikehorn-git/wafs
Owner: MikeHorn-git
License: mit
Created: 2023-08-24T18:01:01.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-11-13T15:20:13.000Z (5 days ago)
Last Synced: 2024-11-13T16:28:04.207Z (5 days ago)
Topics: anti-forensics, forensics, hardening, powershell, security, windows
Language: PowerShell
Homepage:
Size: 82 KB
Stars: 8
Watchers: 1
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Windows Anti-Forensics Script

![BlackWindows](https://github.com/MikeHorn-git/WAFS/assets/123373126/1667f6e9-273a-4f02-b242-d95659ed76e0)

# ⚠️ Warning
Backup your data and your registry before.

# Description
Windows Anti-Forensics Script (WAFS) aim to make forensics investigations on a Windows OS more difficult. WAFS allow you to clean/disable certain files, services, registry keys. And WAFS provide some anti-forensics tools to improve countering forensics analysis.

# Installation
```bash
Invoke-WebRequest https://raw.githubusercontent.com/MikeHorn-git/WAFS/main/WAFS.ps1 -Outfile WAFS.ps1
#Run Powershell with administrator privilege
.\WAFS.ps1
```

# Usage
```bash
██╗ ██╗ █████╗ ███████╗███████╗
██║ ██║██╔══██╗██╔════╝██╔════╝
██║ █╗ ██║███████║█████╗ ███████╗
██║███╗██║██╔══██║██╔══╝ ╚════██║
╚███╔███╔╝██║ ██║██║ ███████║
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚══════╝

Windows Anti-Forensics Script

Syntax: wafs.ps1 -[all|anti|tools]
options:
-all Install both features.
-anti Disable and clear certains windows features and parameters for anti-forensics.
-tools Install anti-forensics tools.
-disable Only disable windows features without cleaning
-clean Only clean

```

# Features
* Clean
* Chrome cache - history - session restore
* DNS cache
* Edge cache - history
* Firefox cache - history
* Internet Explorer cache - history - session restore
* Last-Visited MRU
* OpenSave MRU
* Plug and Play logs
* PowerShell history
* Prefetch
* Recent items
* RecycleBin
* Run command history
* Shadow copies
* Shellbags
* Simcache
* System Resource Usage Monitor
* Tempory files
* Thumbcache
* USB history
* User Assist
* VPN cache
* Windows Timeline

* Disable
* Keylogger
* NTFS Last Acces Time
* Prefetch
* Shadow Copies
* Shellbags
* User Assist
* UsnJrnl
* Windows Event Logs
* Windows Timeline

* Remove
* Cortana

# Tools
* [Bleachbit](https://www.bleachbit.org/)
* [BusKill](https://github.com/BusKill/buskill-app)
* [ClamAV](https://www.clamav.net/)
* [Delete-self-poc](https://github.com/LloydLabs/delete-self-poc)
* [ExivPilot](https://www.colorpilot.com/)
* [KeePassXC](https://keepassxc.org/)
* [SDelete](https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete)
* [TimeStomper](https://github.com/slyd0g/TimeStomper)
* [USBSentinel](https://github.com/thereisnotime/xxUSBSentinel/)
* [VeraCrypt](https://www.veracrypt.fr/en/Home.html)

# Credits
* [Awesome anti-forensic](https://github.com/shadawck/awesome-anti-forensic)
* [Background](https://wallpapercave.com/wp/wp3438728.jpg)
* [Sans Forensics](https://www.sans.org/posters/windows-forensic-analysis/)