Simple play icon Course

Live Response and Forensics with PowerShell

by Liam Cleary

This course will teach you how to use PowerShell for performing initial security triage on workstations and disk forensics.

What you'll learn

The ability to perform security triage and forensics can be a daunting task. However, many tools are available to make this process easier, one of which is PowerShell. In this course, Live Response and Forensics with PowerShell, you’ll learn how to use PowerShell to perform initial triage and forensics on a windows workstation. First, you’ll explore PowerShell execution policies and collect system information. Next, you’ll discover how to create a triage script using PowerShell and extra components to investigate the workstation. Finally, you’ll learn how to use the PowerForensics framework to perform disk analysis and create a forensic timeline. When you’re finished with this course, you’ll have the skills and knowledge to use PowerShell for digital forensics needed to perform triage and assist in identifying what happened and potential remediation.

About the author

Liam began his career as a trainer of all things computer-related. He quickly realized that programming, breaking, and hacking were much more fun. Liam spent the next few years working within core infrastructure and security services. He is the founder and owner of SharePlicity, a consulting company that focuses on Microsoft 365 and Azure technology. His role within SharePlicity is to help organizations implement Microsoft 365 and Azure technology to enhance internal and external collaboration, ... more

Ready to upskill? Get started