
PowerForensics

Free

PowerForensics is a PowerShell digital forensics framework for hard drive analysis. It currently parses NTFS and FAT file systems, with HFS+ and Extended File System (ext) support planned. The framework is built as a C# class library that exposes a public API for forensic tasks, so the PowerShell cmdlets are a thin layer over that API and new capabilities can be added as modules. Documentation and installation instructions are available on Read The Docs and GitHub.
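The following is an added usage example, not code from the listing or from the PowerForensics project itself. It shows the typical triage flow the description implies: install the module, parse the MFT and the USN change journal straight from the raw volume, and export the results. The cmdlet names and parameters (Get-ForensicFileRecord, Get-ForensicUsnJrnl, -VolumeName) and the object property names used in the filters are assumed from the project's documentation and should be verified with Get-Command and Get-Member before relying on them.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original listing or the PowerForensics project.
# Cmdlet names, parameters and property names below are assumptions taken from
# the project's documentation; verify them with:
#   Get-Command -Module PowerForensics
#   Get-ForensicFileRecord -VolumeName C: | Select-Object -First 1 | Get-Member
# Reading a raw volume (\\.\C:) needs an elevated session, hence the #Requires line.

Install-Module -Name PowerForensics -Scope CurrentUser -ErrorAction Stop
Import-Module PowerForensics -ErrorAction Stop

$Volume  = 'C:'
$OutDir  = Join-Path $env:TEMP ("pf-triage-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# 1. Parse the MFT directly from the raw volume. Because this bypasses the
#    Win32 file API, locked system files and records for deleted files are
#    visible, which is the point of a raw-disk framework over Get-ChildItem.
$Records = Get-ForensicFileRecord -VolumeName $Volume

# Executables created or modified in the last 7 days are a cheap first pivot.
# 'Name', 'FullName' and 'ModifiedTime' are assumed property names.
$Recent = $Records |
    Where-Object { $_.Name -like '*.exe' -and $_.ModifiedTime -gt (Get-Date).AddDays(-7) } |
    Select-Object Name, FullName, ModifiedTime

$Recent | Export-Csv -Path (Join-Path $OutDir 'recent-executables.csv') -NoTypeInformation

# 2. Walk the USN change journal ($Extend\$UsnJrnl). Entries survive file
#    deletion, so this catches droppers that cleaned up after themselves.
#    'FileName', 'Reason' and 'TimeStamp' are assumed property names.
$Journal = Get-ForensicUsnJrnl -VolumeName $Volume

$Journal |
    Where-Object { $_.FileName -like '*.exe' -or $_.FileName -like '*.dll' } |
    Select-Object TimeStamp, Reason, FileName |
    Export-Csv -Path (Join-Path $OutDir 'usnjrnl-binaries.csv') -NoTypeInformation

# 3. Hash the exports so the collection can be shown to be unaltered later.
Get-ChildItem $OutDir -Filter '*.csv' |
    Get-FileHash -Algorithm SHA256 |
    Export-Csv -Path (Join-Path $OutDir 'hashes.csv') -NoTypeInformation

Write-Host "Triage output written to $OutDir"
```

Two caveats a practitioner would want: raw volume access returns everything the MFT holds, so expect hundreds of thousands of records on a workstation and filter before exporting; and a live system keeps changing the USN journal while you read it, so capture a disk image first when the evidence has to hold up formally.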


ALTERNATIVES

A forensic research tool for gathering traces from Android and iOS devices, with support for matching against public indicators of compromise.

Automated collection tool for incident response triage in Windows systems.

A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.

Highlighter is a FireEye Market app that integrates with FireEye products to provide enhanced cybersecurity capabilities.

A library and tools to access and analyze APFS file systems.

A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.