A collection of scripts
| Purpose | Download | |
| Windows 10: get BitLocker key | BitLocker-GetKey.ps1 | |
| Windows 10: NTFS disable ‘last accessed’ timestamps | For forensics obfuscation | NTFS-LastAccessTimeDisable.reg NTFS-LastAccessTimeEnable.reg |
| Windows 10: enable registry backups | win10-RegBackupEnable.reg | |
| Windows 10: disable Windows Defender anti-virus | win10-DefenderAntivirusDisable.reg win10-SmartScreen_HKCU_Disable.reg win10-LUADisable.reg | |
| Windows 10: boot time diagnostics (“boot trace”) | For diagnosing boot-up issues (slow boot, freezing, etc) | win10-boot-trace.bat |
| Windows 10: batch register all DLL and OCX files in a directory | regsvr32-DLL-OCX-registerAll.bat | |
| Windows 10: Explorer (shell) delete IconCache | ||
| Windows 10: get Windows product license key from motherboard BIOS | WindowsKeyFromBIOS.bat | |
| Windows 10: remove all NTFS ADS from drive (requires Microsoft ‘sysinternals’) | StripADS-entireDrive.bat | |
| Microsoft Outlook: enable attachments by file extension (Windows registry, per-user) | Outlook-Filetypes.reg | |
| Windows 10: NTFS file timestamp modification | For forensics obfuscation Edit the NTFS timestamps on a file, or set of files: – creation date – last modified date – last access date | NTFS-timestamp-2.ps1 |