MAES: The M365 Analyzer & Extractor Suite

August 20, 2025

Introducing MAES: The M365 Analyzer & Extractor Suite

Automating Microsoft 365 Forensics & Incident Response

At IONSEC, we’re excited to introduce MAES: The M365 Analyzer & Extractor Suite — an open-source platform purpose-built to simplify and accelerate Microsoft 365 (M365) forensic investigations.

MAES provides DFIR teams with the ability to extract, analyze, and preserve critical evidence from M365 environments — all while maintaining forensic-grade integrity.

Why MAES?

Security teams often struggle with manual, inconsistent, or incomplete evidence collection from M365 tenants during incidents. MAES was designed to close that gap:

  • Forensic-Ready Extraction – Automates acquisition of M365 logs, mailboxes, SharePoint, OneDrive, and Teams artifacts.
  • Analyzer Modules – Built-in parsers for investigating email headers, login anomalies, and suspicious activity.
  • Chain of Custody Enforcement – Every artifact is hashed (SHA-256) and timestamped to preserve evidentiary integrity.
  • Automation Without Blind Spots – Reduces manual effort while ensuring nothing critical is overlooked.

Key Capabilities

  • Audit Log Collection – Pulls Unified Audit Logs (UAL) for timeline reconstruction.
  • Mailbox & Message Extraction – Targeted acquisition of suspicious or compromised accounts.
  • SharePoint/OneDrive Evidence – Capture and preserve file access and modification trails.
  • Teams Activity Analysis – Extracts chat histories and file-sharing metadata.
  • Reporting Outputs – JSON, CSV, and HTML reports suitable for SIEM ingestion or executive summaries.

For DFIR Practitioners, By Practitioners

MAES is built by responders who know the pain points of M365 investigations. With MAES, your team can:

  • Respond faster to suspected account takeovers and insider threats
  • Standardize evidence collection across cases
  • Scale investigations in large tenants without losing visibility
  • Share modules and workflows with the wider DFIR community

Join the Project

We’re making MAES available as an open-source suite, and we invite the security community to extend, test, and improve it. Together, we can raise the bar for Microsoft 365 forensics and incident response.

🔗 Get started on GitHub: https://github.com/ionsec/maes-platform
🎥 Watch the demo video: https://vimeo.com/1110003664