Live Response and Forensics with PowerShell
Performing security triage and forensics on a workstation is time-consuming and may require complex tools. In this course, you will learn how to use PowerShell to perform triage and disk forensics combined with readily available system tools.
What you'll learn
The ability to perform security triage and forensics can be a daunting task. However, many tools are available to make this process easier, one of which is PowerShell. In this course, Live Response and Forensics with PowerShell, you’ll learn how to use PowerShell to perform initial triage and forensics on a Windows workstation. First, you’ll explore PowerShell execution policies and collect system information. Next, you’ll discover how to create a triage script using PowerShell and supporting tools to investigate the workstation. Finally, you’ll learn how to use the PowerForensics framework to perform disk analysis and create a forensic timeline. When you’re finished with this course, you’ll have the skills and knowledge to use PowerShell for digital forensics: performing triage, identifying what happened, and assisting with potential remediation.
Table of contents
- Agenda 1m
- Review Required Triage Data 4m
- Review Available Native PowerShell Commands 2m
- Execute PowerShell Commands for System Information Retrieval 4m
- Demo: Execute PowerShell Commands for System Information Retrieval 7m
- Review Supporting Tools 5m
- Understand How to Use Supporting Tools with PowerShell 3m
- Execute Supporting Tools 3m
- Demo: Execute Supporting Tools - TCP Port Information 5m
- Demo: Execute Supporting Tools - Autorun Information 5m
- Demo: Execute Supporting Tools - Session and Event Logs 4m
- How to Format the Retrieved Information 4m
- Demo: Format the Retrieved Information 8m
- Summary 1m
- Agenda 1m
- Script Tasks 8m
- Demo: Create a Triage Script to Collect System Information - Create the Variables 3m
- Demo: Create a Triage Script to Collect System Information - Supporting Functions Part 1 5m
- Demo: Create a Triage Script to Collect System Information - Supporting Functions Part 2 5m
- Demo: Creating and Executing the Triage Script 7m
- Demo: Execute the Triage Script - Export Logs 5m
- Summary 1m
- Agenda 1m
- Understand Disk Forensics 4m
- Review PowerForensics 2m
- Install and Import PowerForensics 2m
- Demo: Install, Import, and Test PowerForensics 6m
- Performing Hard Disk Forensics 5m
- Demo: Perform Basic Disk Analysis Using PowerForensics - Part 1 8m
- Demo: Perform Basic Disk Analysis Using PowerForensics - Part 2 9m
- Demo: Perform Basic Disk Analysis Using PowerForensics - Part 3 3m
- Demo: Perform Basic Disk Analysis Using PowerForensics - Part 4 8m
- Summary 2m