Harden your Windows OS against forensic analysis

MikeHorn-git/WAFS

Windows Anti-Forensics Script

⚠️ Warning

Back up your data and your registry before running the script.

Description

Windows Anti-Forensics Script (WAFS) aims to make forensic investigations on a Windows OS more difficult. WAFS lets you clean or disable certain files, services, and registry keys. It also provides some anti-forensics tools to further hinder forensic analysis.

Installation

Invoke-WebRequest https://raw.githubusercontent.com/MikeHorn-git/WAFS/main/WAFS.ps1 -Outfile WAFS.ps1
# Run PowerShell with administrator privileges
.\WAFS.ps1

Usage

██╗    ██╗ █████╗ ███████╗███████╗
██║    ██║██╔══██╗██╔════╝██╔════╝
██║ █╗ ██║███████║█████╗  ███████╗
██║███╗██║██╔══██║██╔══╝  ╚════██║
╚███╔███╔╝██║  ██║██║     ███████║
 ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝     ╚══════╝
                                  
Windows Anti-Forensics Script

Syntax: wafs.ps1 -[all|anti|tools]
options:
-all                Install both features.
-anti               Disable and clear certains windows features and parameters for anti-forensics.
-tools              Install anti-forensics tools.
-disable            Only disable windows features without cleaning
-clean              Only clean

Features

  • Clean

    • Chrome cache - history - session restore
    • DNS cache
    • Edge cache - history
    • Firefox cache - history
    • Internet Explorer cache - history - session restore
    • Last-Visited MRU
    • OpenSave MRU
    • Plug and Play logs
    • PowerShell history
    • Prefetch
    • Recent items
    • RecycleBin
    • Run command history
    • Shadow copies
    • Shellbags
    • Shimcache
    • System Resource Usage Monitor
    • Temporary files
    • Thumbcache
    • USB history
    • User Assist
    • VPN cache
    • Windows Timeline
  • Disable

    • Keylogger
    • NTFS Last Access Time
    • Prefetch
    • Shadow Copies
    • Shellbags
    • User Assist
    • UsnJrnl
    • Windows Event Logs
    • Windows Timeline
  • Remove

    • Cortana
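
For a responder, the "Disable" items above leave a trace of their own: the setting stays switched off. The PowerShell below is an added example, not part of WAFS or its author's code, that reads several of those settings without changing them. The registry paths and values are standard Windows locations assumed here, since the page does not say which ones WAFS.ps1 touches.

```powershell
#Requires -RunAsAdministrator
# Added example, not taken from WAFS.ps1: read-only audit of "Disable" list items.
# Registry paths and "Off" values are standard Windows ones (assumed; the script may differ).
$ccs = 'HKLM:\SYSTEM\CurrentControlSet'
$checks = @(
    @{ Artifact = 'Prefetch';           Name = 'EnablePrefetcher';   Off = 0
       Path = "$ccs\Control\Session Manager\Memory Management\PrefetchParameters" }
    @{ Artifact = 'Windows Event Logs'; Name = 'Start';              Off = 4   # 4 = service disabled
       Path = "$ccs\Services\EventLog" }
    @{ Artifact = 'Shadow Copies';      Name = 'Start';              Off = 4   # 4 = service disabled
       Path = "$ccs\Services\VSS" }
    @{ Artifact = 'User Assist';        Name = 'Start_TrackProgs';   Off = 0
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' }
    @{ Artifact = 'Windows Timeline';   Name = 'EnableActivityFeed'; Off = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' }
)

function Test-ArtifactSetting {
    param([hashtable]$Check)
    # A missing key or value means the setting was never overridden.
    $item  = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($Check.Name) } else { $null }
    [pscustomobject]@{
        Artifact = $Check.Artifact
        Setting  = $Check.Name
        Value    = $value
        Disabled = ($null -ne $value) -and ($value -eq $Check.Off)
    }
}

$results = @($checks | ForEach-Object { Test-ArtifactSetting $_ })

# UsnJrnl has no registry switch: ask NTFS whether a change journal exists
# on the system volume. fsutil returns non-zero when the journal is not active.
$null = & fsutil.exe usn queryjournal $env:SystemDrive 2>&1
$results += [pscustomobject]@{
    Artifact = 'UsnJrnl'
    Setting  = "fsutil usn queryjournal $env:SystemDrive"
    Value    = $LASTEXITCODE
    Disabled = ($LASTEXITCODE -ne 0)
}

$results | Sort-Object Disabled -Descending | Format-Table -AutoSize
```

A hit is a lead rather than proof, since administrators also change these settings for performance or privacy reasons; compare the output against a known-good baseline for the same Windows build.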

Tools

Credits