Back up your data and your registry before running the script.
Windows Anti-Forensics Script (WAFS) aims to make forensic investigations on a Windows OS more difficult. WAFS lets you clean or disable certain files, services, and registry keys, and it provides some anti-forensics tools to further counter forensic analysis.
Invoke-WebRequest https://raw.githubusercontent.com/MikeHorn-git/WAFS/main/WAFS.ps1 -Outfile WAFS.ps1
# Run PowerShell with administrator privileges
.\WAFS.ps1
Windows Anti-Forensics Script
Syntax: wafs.ps1 -[all|anti|tools]
options:
-all Install both features.
-anti Disable and clear certains windows features and parameters for anti-forensics.
-tools Install anti-forensics tools.
-disable Only disable windows features without cleaning
-clean Only clean
Clean
- Chrome cache - history - session restore
- DNS cache
- Edge cache - history
- Firefox cache - history
- Internet Explorer cache - history - session restore
- Last-Visited MRU
- OpenSave MRU
- Plug and Play logs
- PowerShell history
- Prefetch
- Recent items
- RecycleBin
- Run command history
- Shadow copies
- Shellbags
- Shimcache
- System Resource Usage Monitor
- Temporary files
- Thumbcache
- USB history
- User Assist
- VPN cache
- Windows Timeline
Disable
- Keylogger
- NTFS Last Access Time
- Prefetch
- Shadow Copies
- Shellbags
- User Assist
- UsnJrnl
- Windows Event Logs
- Windows Timeline
Remove
- Cortana
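
A read-only check a responder can run to see whether several of the artifact sources named in the Disable list above have been switched off. This is an added example, not part of WAFS; the function names are hypothetical, and the registry values and services checked are the standard Windows ones for these features, since the page does not say which values the script changes.

```powershell
# Added example (not part of WAFS): read-only audit for disabled forensic
# artifact sources. Registry locations are the standard Windows ones; that
# WAFS changes exactly these values is an assumption.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null when the key or the value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-ArtifactTamperingFinding {
    $findings = [System.Collections.Generic.List[string]]::new()

    # NTFS last access time: bit 0 set = updates off, bit 1 clear = user-managed
    $la = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' 'NtfsDisableLastAccessUpdate'
    if ($null -ne $la -and ($la -band 1) -and -not ($la -band 2)) {
        $findings.Add('NTFS last access updates disabled (user-managed value)')
    }

    # Prefetch: EnablePrefetcher 0 stops creation of new .pf files
    $pfKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters'
    if ((Get-RegValue $pfKey 'EnablePrefetcher') -eq 0) { $findings.Add('Prefetch disabled') }

    # UserAssist: Start_TrackProgs 0 stops program-launch tracking (per user)
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    if ((Get-RegValue $adv 'Start_TrackProgs') -eq 0) { $findings.Add('UserAssist tracking disabled for current user') }

    # Event log and Volume Shadow Copy services
    foreach ($name in 'EventLog', 'VSS') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.StartType -eq 'Disabled') { $findings.Add("Service $name is disabled") }
    }
    if ((Get-Service -Name EventLog -ErrorAction SilentlyContinue).Status -ne 'Running') {
        $findings.Add('Windows Event Log service is not running')
    }

    # USN journal: fsutil exits non-zero when no journal is active (needs elevation)
    $null = & fsutil.exe usn queryjournal $env:SystemDrive 2>&1
    if ($LASTEXITCODE -ne 0) { $findings.Add("USN journal query failed on $env:SystemDrive") }

    $findings
}

Get-ArtifactTamperingFinding | ForEach-Object { "[!] $_" }
```

Run it from an elevated PowerShell session. Some of these settings are also changed by ordinary tuning or policy, so a finding is a lead to correlate with other evidence.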