PowerShell for Live Investigations and Triage
- PowerShell is a Microsoft framework that includes a command shell and a scripting language.
- PowerShell is typically used by system administrators, IT teams, incident response groups and forensic investigators to investigate unauthorized or even criminal behavior.
- Setting up a PowerShell Environment
- Using the PowerShell Help System
- Leveraging Built-in and 3rd-Party Cmdlets
- Applying PowerShell to Investigations and Incident Response scenarios
- Developing Custom PowerShell Scripts to aid in discovery and forensic investigations