Windows Emergency Response
Critical incident response scripts for compromised Windows systems
Emergency response tools for Windows security incidents. These scripts perform immediate containment, forensic evidence collection, and system isolation during active security events.
Scripts in this Category
Use these tools when responding to:
- Compromised user accounts
- Active malware infections
- Unauthorized system access
- Data exfiltration attempts
- Ransomware incidents
- Insider threat scenarios
Best Practices
Before running emergency scripts:
- Document the incident and justification
- Preserve volatile memory when possible
- Take system snapshots if virtualized
- Notify stakeholders of containment actions
- Follow your incident response plan
After running emergency scripts:
- Review generated reports and logs
- Secure collected evidence
- Document all actions taken
- Conduct post-incident analysis
- Update detection rules based on findings
Requirements
These scripts typically require:
- Domain Administrator privileges (for AD operations)
- Local Administrator privileges (for system operations)
- ActiveDirectory PowerShell module (for account-related scripts)
- Sufficient disk space for forensic data
Support
For issues or questions about these scripts, open an issue on GitHub.