Updates PS-WindowsForensics – PowerShell scripts for parsing forensic artifacts in the Windows operating system.
Latest Change 11/2/2016:
+ Added the Get-PartitionTable function to the Get-VolumeBootRecord standalone script.
PS-WindowsForensics is a set of PowerShell scripts for parsing forensic artifacts in the Windows operating system.
Full Version | Lite Version (for Kansa or Invoke-LiveResponse)
1. Provide scripts that can be run on Windows systems without requiring any additional software download/installation
2. Provide scripts that can be run against live Windows systems
3. Provide scripts that can be run against most Windows systems
— PowerShell Version 3 if possible
— Lowest version of .NET possible, but most everything I find has at least 4
4. Provide scripts that can easily be run, or modified to run, in a PowerShell session.
Compress into the Windows PowerShell folder,
then open with Windows PowerShell as an administrator user.