Home

Awesome

alt text Language Documentation Latest Version GitHub stars Contributors PS Gallery Downloads Maintenance

Getting started with the Microsoft-Extractor-Suite

To get started with the Microsoft-Extractor-Suite, check out the Microsoft-Extractor-Suite docs.

About Microsoft-Extractor-Suite

Microsoft-Extractor-Suite is a fully-featured, actively-maintained, Powershell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft.

The following Microsoft data sources are supported:

In addition to the log sources above the tool is also able to retrieve other relevant information:

Microsoft-Extractor-Suite was created by Joey Rentenaar and Korstiaan Stam and is maintained by the Invictus IR team.

Usage

To get started with the Microsoft-Extractor-Suite tool, make sure the requirements are met. If you do not have the Connect-ExchangeOnline, AZ module or/and Connect-AzureAD installed check the installation guide.

Install the Microsoft-Extractor-Suite toolkit:

Install-Module -Name Microsoft-Extractor-Suite

To import the Microsoft-Extractor-Suite:

Import-Module .\Microsoft-Extractor-Suite.psd1

You must sign-in to Microsoft 365 or Azure depending on your use case before running the functions. To sign in, use one of the cmdlets:

Connect-M365

Connect-Azure

Connect-AzureAZ

Related Projects

To enhance your analysis, consider exploring the Microsoft-Analyzer-Suite developed by evild3ad. This suite offers a collection of PowerShell scripts specifically designed for analyzing Microsoft 365 and Microsoft Entra ID data, which can be extracted using the Microsoft-Extractor-Suite.