Skip to content
/ PSListCopy Public

File and file meta information collect using PowerShell in Live Response environment.

License

GPL-3.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iidx/PSListCopy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
img
img
 
 
powershell
powershell
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
PSListCopy.py
PSListCopy.py
 
 
README.md
README.md
 
 

Repository files navigation

PSListCopy

  • File and file meta information acquisition using PowerShell in Live Response environment.

Requirements

  • Python 3.8+

Usage

  1. First, prepare a list of files to be collected from the Victim PC, such as tests\sample.txt.
  2. Create a PowerShell script with the following command.
    • When collecting both files and metadata: python PSListCopy.py -l files.txt
    • When collecting only metadata: python PSListCopy.py -l files.txt -n
  3. Move the PowerShell script(PSListCopy.ps1) to Victim PC.
  4. Run PowerShell as administrator on Victim PC.
  5. Enter the Set-ExecutionPolicy Unrestricted command to temporarily change the script execution policy.
  6. Run PSListCopy.ps1

About

File and file meta information collect using PowerShell in Live Response environment.

Topics

powershell forensics dfir live-response

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

0.1v Latest
Aug 20, 2020

Packages

No packages published

Languages