Arizona-Cyber-Threat-Response-Alliance/ADS-Zone.Identifier

ADS-Zone.Identifier

This script is inelegant but straightforward: it identifies downloaded files in the System32 directory and, where the Zone.Identifier alternate data stream (ADS) is available, the URL from which each file was downloaded. It also identifies .iso and .img files in the user's download directory.

This is intended for Incident Responders, SOC Analysts, and Threat Researchers. I attempt to remove some popular OS files for those of us who do a terrible job at deleting huge .img files after they have served their purpose.

Thanks to Mike Manrod for sharing the idea and to Harlan Carvey for the original research.

PRs are welcome.
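
The following PowerShell is an added example, not the repository's script, showing how the Zone.Identifier stream can be read and parsed for files in System32 and for .iso/.img files in a Downloads folder. The function names `ConvertFrom-ZoneIdentifier` and `Get-DownloadOrigin` and the sample URLs are assumptions made for illustration.

```powershell
# Added example, not the repository's script. Function names are hypothetical.
function ConvertFrom-ZoneIdentifier {
    param([string[]]$Lines)
    # Zone.Identifier is INI-style text: a [ZoneTransfer] header, then Key=Value lines.
    $fields = @{}
    foreach ($line in $Lines) {
        # Split on the first '=' only, so URLs with query strings stay intact.
        if ($line -match '^\s*([^=\[\s]+)\s*=\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $fields
}

function Get-DownloadOrigin {
    param(
        [string]$Path = "$env:SystemRoot\System32",
        [string[]]$Extension   # optional filter, e.g. '.iso', '.img'
    )
    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $Extension -or $Extension -contains $_.Extension } |
        ForEach-Object {
            # Files without the stream raise an error; suppress it and skip them.
            $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            if ($ads) {
                $z = ConvertFrom-ZoneIdentifier -Lines $ads
                [pscustomobject]@{
                    File        = $_.FullName
                    ZoneId      = $z['ZoneId']       # 3 = Internet zone
                    HostUrl     = $z['HostUrl']      # URL the file came from, if recorded
                    ReferrerUrl = $z['ReferrerUrl']  # referring page, if recorded
                    Modified    = $_.LastWriteTimeUtc
                }
            }
        }
}

# Constructed sample stream content, to exercise the parser without a real download.
$sample = '[ZoneTransfer]', 'ZoneId=3',
          'ReferrerUrl=https://example.test/downloads/',
          'HostUrl=https://example.test/downloads/tool.iso?id=1'
ConvertFrom-ZoneIdentifier -Lines $sample

# Downloaded files in System32, then disk images in the current user's Downloads folder.
Get-DownloadOrigin
Get-DownloadOrigin -Path "$env:USERPROFILE\Downloads" -Extension '.iso', '.img'
```

Files with no Zone.Identifier stream produce no output row, so an empty result means no mark was found, not that nothing was downloaded.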
