Home Software POSH-Triage



Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://ericzimmerman.github.io/) against a mounted forensic image.

The following tools are run where applicable to the image being processed:

  • JLECmd.exe
  • LEcmd.exe
  • PEcmd.exe
  • SBECmd.exe
  • AppCompatParser.exe
  • AmcacheParser.exe
  • RecentFileCacheParser.exe
  • WxTCmd.exe
  • MFTECmd.exe
  • Registry Explorer project file creation

Learn more about the script at Mike’s GitHub.

Load More Related Articles
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *