POSH-Triage



Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman's command-line tools (https://ericzimmerman.github.io/) against a mounted forensic image.

The following tools are run where applicable to the image being processed:

  • JLECmd.exe
  • LECmd.exe
  • PECmd.exe
  • SBECmd.exe
  • AppCompatCacheParser.exe
  • AmcacheParser.exe
  • RecentFileCacheParser.exe
  • WxTCmd.exe
  • MFTECmd.exe
  • Registry Explorer project file creation

Learn more about the script at Mike’s GitHub.
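As an added illustration (not Mike Cary's script and not code from the EZ tools project), a minimal PowerShell driver shows the idea behind "run where applicable": test which artifacts the mounted image actually contains and run only the matching tool, writing CSV output per tool. The mount point, tool directory, output folder and artifact paths are assumptions, and the -d/-f/--csv switches follow the tools' usual convention; confirm each against the tool's own help text.

```powershell
# Added example, not POSH-Triage itself. Assumes: image mounted at $ImageRoot,
# EZ tools in $ToolDir, and each tool taking -d <dir> or -f <file> plus --csv <outdir>.
param(
    [string]$ImageRoot = 'F:\',                  # assumed mount point of the image
    [string]$ToolDir   = 'C:\Tools\EZTools',     # assumed location of the EZ tools
    [string]$OutDir    = 'C:\Cases\CASE-ID\EZ'   # assumed output folder (placeholder case id)
)

# Each entry: the tool, the artifact path relative to the image root (wildcards cover
# per-user locations), and whether the tool expects a directory (-d) or a file (-f).
$artifacts = @(
    @{ Tool='PECmd.exe';                 Mode='-d'; Glob='Windows\Prefetch' },
    @{ Tool='MFTECmd.exe';               Mode='-f'; Glob='$MFT' },
    @{ Tool='AmcacheParser.exe';         Mode='-f'; Glob='Windows\AppCompat\Programs\Amcache.hve' },
    @{ Tool='RecentFileCacheParser.exe'; Mode='-f'; Glob='Windows\AppCompat\Programs\RecentFileCache.bcf' },
    @{ Tool='AppCompatCacheParser.exe';  Mode='-f'; Glob='Windows\System32\config\SYSTEM' },
    @{ Tool='JLECmd.exe';                Mode='-d'; Glob='Users\*\AppData\Roaming\Microsoft\Windows\Recent' },
    @{ Tool='LECmd.exe';                 Mode='-d'; Glob='Users\*\AppData\Roaming\Microsoft\Windows\Recent' },
    @{ Tool='SBECmd.exe';                Mode='-d'; Glob='Users\*' },   # scans for NTUSER/UsrClass hives
    @{ Tool='WxTCmd.exe';                Mode='-f'; Glob='Users\*\AppData\Local\ConnectedDevicesPlatform\*\ActivitiesCache.db' }
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$log = Join-Path $OutDir 'triage-run.log'

foreach ($a in $artifacts) {
    $exe = Join-Path $ToolDir $a.Tool
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Tool not found: $($a.Tool); skipping"
        continue
    }
    # Resolve the artifact on the mounted image; no match means the tool does not apply.
    $targets = @(Resolve-Path -Path (Join-Path $ImageRoot $a.Glob) -ErrorAction SilentlyContinue)
    if ($targets.Count -eq 0) {
        Write-Host "No $($a.Glob) on image; skipping $($a.Tool)"
        continue
    }
    # One CSV folder per tool keeps outputs from different parsers apart.
    $csvDir = Join-Path $OutDir ($a.Tool -replace '\.exe$', '')
    foreach ($t in $targets) {
        Write-Host "Running $($a.Tool) $($a.Mode) $($t.Path)"
        & $exe $a.Mode $t.Path --csv $csvDir 2>&1 | Tee-Object -FilePath $log -Append
    }
}
```

Run it from an elevated PowerShell session once the image is mounted read-only; the log records which tools ran and which artifacts were absent.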
