PowerForensics
1.0.1.3
A Digital Forensics framework for Windows PowerShell.
Copyright
(c) 2015 Invoke-IR. All rights reserved.
Package Details
Author(s)
- JaredAtkinson
Tags
Forensics DigitalForensics PowerForensics DFIR IncidentResponse
Cmdlets
ConvertFrom-BinaryData ConvertTo-Timeline Copy-File Get-AlternateDataStream Get-Amcache Get-AttrDef Get-Bitmap Get-BootSector Get-ChildItem Get-Content Get-EventLog Get-ExplorerTypedPath Get-FileRecord Get-FileRecordIndex Get-FileSlack Get-GuidPartitionTable Get-MasterBootRecord Get-MftSlack Get-NetworkList Get-PartitionTable Get-Prefetch Get-RecentFileCache Get-RegistryKey Get-RegistryValue Get-RunMostRecentlyUsed Get-ScheduledJob Get-ShellLink Get-Shimcache Get-Sid Get-Timeline Get-Timezone Get-TypedUrl Get-UnallocatedSpace Get-UserAssist Get-UsnJrnl Get-UsnJrnlInformation Get-VolumeBootRecord Get-VolumeInformation Get-VolumeName Get-WindowsSearchHistory Invoke-DD
Dependencies
This module has no dependencies.
Release Notes
Added Shimcache parsing
- Get-ForensicShimcache
FileList
- PowerForensics.nuspec
- Antlr4.Runtime.dll
- PowerForensics.dll
- PowerForensics.pdb
- PowerForensics.ps1xml
- PowerForensics.psd1
- PowerForensics_Types.ps1xml
- BinShredDemo\bin.bin
- BinShredDemo\binParser.bst
- BinShredDemo\bitmap.bst
- BinShredDemo\example.tar
- BinShredDemo\hello_world.bmp
- BinShredDemo\Import-HelloWorldBitmap.ps1
- BinShredDemo\tar.bst
- BinShredDemo\tar_full.bst
- BinShredDemo\wordParser.bst
- BinShredDemo\words.bin
- en-US\about_binshred.help.txt
- en-US\PowerForensics.dll-Help.xml
- Tests\PowerForensics.Tests.ps1