RDP-Forensic

2.1.2-preview0001

A comprehensive PowerShell toolkit for RDP forensics analysis, tracking connection attempts, authentication, sessions, and logoffs across Windows Event Logs for security monitoring and incident response.

Minimum PowerShell version

5.1

This is a prerelease version of RDP-Forensic.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name RDP-Forensic -RequiredVersion 2.1.2-preview0001 -AllowPrerelease

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name RDP-Forensic -Version 2.1.2-preview0001 -Prerelease

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Jan Tiedemann. All rights reserved.

Package Details

Author(s)

  • Jan Tiedemann

Tags

RDP Forensics Security EventLog RemoteDesktop Audit Compliance Monitoring Windows Investigation

Functions

Get-RDPCurrentSessions Get-RDPForensics

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

FileList

Version History

Version Downloads Last updated
2.1.3 5 3/31/2026
2.1.2-previe... (current version) 2 3/31/2026
2.1.1 2 3/31/2026
2.1.0 2 3/31/2026
2.0.1-previe... 2 3/31/2026
2.0.0 4 3/31/2026
0.2.0-previe... 3 3/31/2026
0.2.0-previe... 2 3/31/2026
Show more