Complied Binary of DFIR-ORC see : https://github.com/DFIR-ORC/dfir-orc
You can found in "not configured" all binary you have after build the exe.
You can found in "configured" the binary with all tools recommend by the ANSSI and i have added Zirolite.
- Update DFIR-ORC to 10.2.3
- Added Zircolite
- Change config for using Dumpit
List of binary complied
- autorunsc.exe: V14.10 - SHA1: a8a3504eaf57a7d640bd42b5d59d2b8afa3e5f33
- DFIR-Orc_x64.exe: V10.2.3 - SHA1: ce480e18c8e357cd5a94947413f78a89b467abb2
- DFIR-Orc_x86.exe: V10.2.3 - SHA1: 8a417b7c8466b823273d60d7c06bec5d3105a62b
- DumpIt.exe: - SHA1: 5741af8cc8a4ded2780cb3f37ca29a5796c6d858
- FastFind_x64.exe: V10.2.3 - SHA1: 8d87fe2ac25f908653c686ecd93e75ea507221d9
- FastFind_x86.exe: V10.2.3 - SHA1: 06a2d97e7a175e21bf6969a9f6ece24731f382a5
- handle.exe: 5.0 - SHA1: 05d4842c6e9b5f9430dad76a20c2a4a6feae0bf0
- Listdlls.exe: 3.20 - SHA1: fbac538166d61b4f10db934bd4bc1b86c81e56fb
- PsService.exe: 2.26 - SHA1: 1ca7e6ac6128bb1f4e0318a28310525baf7c67c6
- tcpvcon.exe: 4.19 - SHA1: 6b936b5a5b4451bc4f147dad6cd2a7072a799d03
- winpmem.exe: 1.6 - SHA1: 4634f64b60625fdc2cdc3781f5c2d33653b2e5a2
- zircolite_win10.exe: 2.9.10 - SHA1: 70a227cd9fc0497b832015397dfaad5b6b5f1f68