Home Software POSH-Triage



Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://ericzimmerman.github.io/) against a mounted forensic image.

The following tools are run where applicable to the image being processed:

  • JLECmd.exe
  • LEcmd.exe
  • PEcmd.exe
  • SBECmd.exe
  • AppCompatParser.exe
  • AmcacheParser.exe
  • RecentFileCacheParser.exe
  • WxTCmd.exe
  • MFTECmd.exe
  • Registry Explorer project file creation

Learn more about the script at Mike’s GitHub.

Load More Related Articles
  • Malcom: Malware Communication Analyzer

    Malcom is a tool designed to analyze a system’s network communication using graphica…
  • PasteHunter

    PasteHunter is a Python3 application that is designed to query a collection of sites that …
  • Open Forensic Images with Forensic7z

    Forensic7z is a plugin for 7-Zip archiver that can be used for opening and browsing disk i…
Load More In Software

Leave a Reply

Your email address will not be published. Required fields are marked *