Releases: matthastings/PSalander
Initial Release
Initial public release

* initial commit
* wc
* wc
* wc
* wc
* wc
* wc
* moving to module
* restructuring dirs
* switch to module
* moving lib into EventTrace module
* add stop session
* WIP commit
* rewording
* Add support for multiple ETW providers in single session
* working commit
* Deleting old folders and adding new functions
* Adding gitignore
* Starting to add pester tests
* Adding more pester testing
* rearrange get-etwsession function
* small change to etwsession function
* Add more pester testing
* Updating readme
* Rearranged session enumeration functions
* Adds provider directory and some notes
* Add in keyword object
* Fix failing pester test
* Fix start-session to accept object
* Pester tests now invoke full etw session
* small change to tests
* Get-ProviderKeywords to Get-ETWProviderKeywords
* First parser commit
* Small update to process parser
* Ignoring etl files
* Adding Providers and notes on DNS
* Adds DNS Event Ids and Descriptions
* Adding more DNS info
* Adds some PoC work for parsing DNS events to objects
* Adds event parsing, but there's a bug
* Add parser for kernel process
* Updating function docs
* Remove failing test
* Starting to add network events
* Adding network connection support
* Small change to docs
* Add Start-ETWForensicCollection function
* Minor spelling fix
* adding more notes to kernel process events
* Adding provider exists check
* Adds .DS_Store
* Moves synopsis inside function
* starting kernel file
* Adding in file event parser
* Fixing bug in process id parsing
* Add logic for process reuse
* Fix bug in process reuse code
* Adding DLLs for kernel session
* Adds DNS to Start-ETWForensicCollection
* Fixing image load bug with process end time
* Adding DNS to etwforensic collection and log parsing
* Updating DNS parsing
* Fixing bug in filtering and dns
* Removing debug strings
* Add in EnableVerbosity option to etwforensic func
* Adding in thread start/stop events
* Add in thread keyword to forensic collection func
* Major reword to support thread tracking
* Fixing bug in DNS tracking
* fixing minor bug in thread net connections
* Updating readme
* small change to readme
* Add in kernel session support to capture command line
* Updating kernel session parsing code
* Updating readme
* Fixing path and infinite loop bugs
* Add new write-log function for console logging
* Adding support for different logging levels
* fixing a bunch of bugs
* Adding more example in the readme
* Renaming module
* Adding files for rename
* Final rename commit
* Adding demo content
* Updating readme
* More Readme updates
* Readme changes
* Last readme updates for the night
* Adds dcdemo files
* Fixing small thread parsing bug
* Updating demo.txt
* Adding new demo.xml
* Minor tweaks to demo.txt
* More demo updates
* Demo all the things
* Adding powershell logging
* Adds compressed etl files
* Updating demo materials
* Demo updates
* Demo tweaks
* other minor demo tweaks
* Adding graph function