Live Response and Forensics with PowerShell
This course will teach you how to use PowerShell for performing initial security triage on workstations and disk forensics.
What you'll learn
The ability to perform security triage and forensics can be a daunting task. However, many tools are available to make this process easier, one of which is PowerShell. In this course, Live Response and Forensics with PowerShell, you’ll learn how to use PowerShell to perform initial triage and forensics on a windows workstation. First, you’ll explore PowerShell execution policies and collect system information. Next, you’ll discover how to create a triage script using PowerShell and extra components to investigate the workstation. Finally, you’ll learn how to use the PowerForensics framework to perform disk analysis and create a forensic timeline. When you’re finished with this course, you’ll have the skills and knowledge to use PowerShell for digital forensics needed to perform triage and assist in identifying what happened and potential remediation.
Table of contents
- Understand Disk Forensics 5m
- Review PowerForensics 3m
- Demo: Disk Forensic Setup 3m
- Demo: Perform Basic Disks Analysis using PowerForensics – Part 1 6m
- Demo: Perform Basic Disks Analysis using PowerForensics – Part 2 6m
- Demo: Perform Basic Disks Analysis using PowerForensics – Part 3 6m
- Demo: Finding a Malicious Task 4m
- Demo: Timeline Creation 9m