PowerForensics v1.1.1 ~ PowerShell - Live disk forensics platform.

PowerForensics v1.1.1 ~ PowerShell – Live disk forensics platform.

Changelog PowerForensics v1.1.1:
* Particularlly: 30/10/2016
– Abstracted ATTRIBUTE_LIST MFT attributes
* Fixed major DataRun parsing bug
* Added Nano Server compatibility!
* Added new csproj for PowerShell v2 compatibility
++ New module PowerForensicv2 for PowerShell v2 compatibility

PowerForensics v1.1.1

PowerForensics v1.1.1

PowerForensics is a PowerShell digital forensics framework. It currently supports NTFS and is in the process of adding support for the ext4 file system.

with Cmdlets Function:
Boot Sector

New Technology File System (NTFS)

Extended File System 4 (ext4)

Windows Artifacts



Module Installation:
The easiest way to install PowerForensics is through the Install-Module cmdlet. This is available by default in Windows 10, but can also be installed via the Windows Management Framework or the standalone MSI installer:

Download : PowerForensics.zip | PowerForensicsv2 | Our Post Before
Source: https://github.com/Invoke-IR