PowerForensics
1.0.2
A Digital Forensics framework for Windows PowerShell.
Copyright
(c) 2015 Invoke-IR. All rights reserved.
Package Details
Author(s)
- JaredAtkinson
Tags
DigitalForensics DFIR Forensics PowerForensics IncidentResponse
Cmdlets
ConvertFrom-BinaryData ConvertTo-ForensicTimeline Copy-ForensicFile Get-ForensicAlternateDataStream Get-ForensicAmcache Get-ForensicAttrDef Get-ForensicBitmap Get-ForensicBootSector Get-ForensicChildItem Get-ForensicContent Get-ForensicEventLog Get-ForensicExplorerTypedPath Get-ForensicFileRecord Get-ForensicFileRecordIndex Get-ForensicFileSlack Get-ForensicGuidPartitionTable Get-ForensicMasterBootRecord Get-ForensicMftSlack Get-ForensicNetworkList Get-ForensicOfficeFileMru Get-ForensicOfficeOutlookCatalog Get-ForensicOfficePlaceMru Get-ForensicOfficeTrustRecord Get-ForensicPartitionTable Get-ForensicPrefetch Get-ForensicRecentFileCache Get-ForensicRegistryKey Get-ForensicRegistryValue Get-ForensicRunKey Get-ForensicRunMru Get-ForensicScheduledJob Get-ForensicShellLink Get-ForensicShimcache Get-ForensicSid Get-ForensicTimeline Get-ForensicTimezone Get-ForensicTypedUrl Get-ForensicUnallocatedSpace Get-ForensicUserAssist Get-ForensicUsnJrnl Get-ForensicUsnJrnlInformation Get-ForensicVolumeBootRecord Get-ForensicVolumeInformation Get-ForensicVolumeName Get-ForensicWindowsSearchHistory Invoke-ForensicDD
Dependencies
This module has no dependencies.
Release Notes
Added 5 cmdlets:
- Get-ForensicOfficeFileMru
- Get-ForensicOfficeOutlookCatalog
- Get-ForensicOfficePlaceMru
- Get-ForensicOfficeTrustRecord
- Get-ForensicRunKey
A number of bugs fixed and code efficiencies added.
FileList
- PowerForensics.nuspec
- Antlr4.Runtime.dll
- PowerForensics.dll
- PowerForensics.pdb
- PowerForensics.ps1xml
- PowerForensics.psd1
- PowerForensics_Types.ps1xml
- BinShredDemo\bin.bin
- BinShredDemo\binParser.bst
- BinShredDemo\bitmap.bst
- BinShredDemo\example.tar
- BinShredDemo\hello_world.bmp
- BinShredDemo\Import-HelloWorldBitmap.ps1
- BinShredDemo\tar.bst
- BinShredDemo\tar_full.bst
- BinShredDemo\wordParser.bst
- BinShredDemo\words.bin
- en-US\about_binshred.help.txt
- en-US\PowerForensics.dll-Help.xml
- Tests\PowerForensics.Tests.ps1