PowerShell provides a wide variety of options to examine the Windows operating system components. With its various Cmdlets, .NET classes, and WMI objects, PowerShell can be utilized to collect data from any Windows machine, particularly when unplugging a system, and acquiring an image might not be an option. Its added features also help to collect the artifacts in an easy to use format, which helps to enumerate any Windows operating system and applications. This topic will explore how we can harness the power of the PowerShell script to automate common forensic tasks like live data collection, malware analysis etc.

Module 1:  PowerShell Primer

Module 2:  Automating Live Data collection Using PowerShell