- Fixed major DataRun parsing bug
- Added Nano Server compatibility!
- Added new csproj for PowerShell v2 compatibility
- New module PowerForensicv2 for PowerShell v2 compatibility
Added 5 cmdlets:
A number of bugs fixed and code efficiencies added.
This release features minor bug fixes, initial Pester tests, and updated help (thanks June!).
It also signifies the merging of the PowerForensics_Source and the PowerForensics repos.
This is the official release of PowerForensics, a PowerShell module for performing hard drive forensic analysis.
The following features are included in this release:
- DD utility
- Boot Sector parsing
  - Master Boot Record
  - GUID Partition Table
- NTFS File System Structure parsing
  - Volume Boot Record ($Boot)
  - Master File Table
  - File Slack Space
  - MFT Slack Space
  - Unallocated Space
- Windows Event Log parsing
- Windows Registry Hive parsing
  - Registry Keys
  - Registry Values
  - System Security Identifier
  - System Timezone
- Windows Artifact parsing
  - Scheduled Job
- Custom binary parsing language called BinShred
There are also a few additional capabilities to copy files in a forensically sound manner. All features are implemented from the ground up and do not rely on the Windows API.