RDP-Forensic

2.0.0

A comprehensive PowerShell toolkit for RDP forensics analysis, tracking connection attempts, authentication, sessions, and logoffs across Windows Event Logs for security monitoring and incident response.

Minimum PowerShell version

5.1

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name RDP-Forensic -RequiredVersion 2.0.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name RDP-Forensic -Version 2.0.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Jan Tiedemann. All rights reserved.

Package Details

Author(s)

  • Jan Tiedemann

Tags

RDP Forensics Security EventLog RemoteDesktop Audit Compliance Monitoring Windows Investigation

Functions

Get-CurrentRDPSessions Get-RDPForensics

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

## [2.0.0] - 2026-03-31

### Added

- For new features.

### Changed

- For changes in existing functionality.

### Deprecated

- For soon-to-be removed features.

### Removed

- For now removed features.

### Fixed

- For any bug fix.

### Security

- In case of vulnerabilities.

FileList

Version History

Version Downloads Last updated
2.1.3 5 3/31/2026
2.1.2-previe... 2 3/31/2026
2.1.1 2 3/31/2026
2.1.0 2 3/31/2026
2.0.1-previe... 2 3/31/2026
2.0.0 (current version) 4 3/31/2026
0.2.0-previe... 3 3/31/2026
0.2.0-previe... 2 3/31/2026
Show less