From 6608ce8367a5dedb5475f9675a9016f00f41ced1 Mon Sep 17 00:00:00 2001 From: Rahmat Nurfauzi Date: Thu, 8 Apr 2021 17:58:55 +0700 Subject: [PATCH] Added ADTimeline tool --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0e7f648..02a7fce 100644 --- a/README.md +++ b/README.md @@ -431,7 +431,9 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c * [Sparrow](https://github.com/cisagov/Sparrow) - Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment. * [DFIR-O365RC](https://github.com/ANSSI-FR/DFIR-O365RC) - The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. * [AzureADIncidentResponse](https://www.powershellgallery.com/packages/AzureADIncidentResponse/4.0) - Tooling to assist in Azure AD incident response +* [ADTimeline](https://github.com/ANSSI-FR/ADTimeline) - The ADTimeline script generates a timeline based on Active Directory replication metadata for objects considered of interest. +* ### Sysmon Configuration * [sysmon-modular](https://github.com/olafhartong/sysmon-modular) - A Sysmon configuration repository for everybody to customise * [sysmon-dfir](https://github.com/MHaggis/sysmon-dfir) - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
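Review bot: The second added line, the one just before the `### Sysmon Configuration` heading, appears to be a bare `*` with no link or description, so the README would render an empty list item at the end of this list. Drop that line and keep only the ADTimeline entry, which would leave the commit at 1 insertion instead of the 2 shown in the diffstat. The ADTimeline entry itself matches the `* [name](url) - description` format of the neighbouring entries.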