PowerTriage

1.0.1

PowerTriage is a lightweight, dependency-free PowerShell script designed for Incident Response (DFIR) on compromised Windows devices.
It collects critical artifacts (Network, Process, Persistence, System, Browsers) and packages them for analysis.

Features:
- Zero Dependencies: Runs on standard PowerShell 5.1+
- Modular: Full or Minimal collection modes.
- Browser For
PowerTriage is a lightweight, dependency-free PowerShell script designed for Incident Response (DFIR) on compromised Windows devices.
It collects critical artifacts (Network, Process, Persistence, System, Browsers) and packages them for analysis.

Features:
- Zero Dependencies: Runs on standard PowerShell 5.1+
- Modular: Full or Minimal collection modes.
- Browser Forensics: Chrome, Edge, Firefox, Opera, Brave (History, Cookies, Extensions, Sync Status).
- System Triage: Network connections, Processes, Services, Scheduled Tasks, Registry Autoruns.
- Output: Structured CSV/TXT reports and a zipped final package.

Show more

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name PowerTriage

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Jesus Angosto. All rights reserved.

Package Details

FileList

Version History

Version Downloads Last updated
1.0.1 (current version) 5 3/1/2026
1.0.0 4 3/1/2026