Acquisition Tool Advice

General (Technical, Procedural, Software, Hardware etc.)

Last Post by mrpumba 2 years ago

2 Posts

2 Users

0 Reactions

884 Views

RSS

Egon_spengler

(@egon_spengler)

Active Member

Joined: 2 years ago

Posts: 2

Topic starter 06/05/2023 5:06 pm

Hello Everyone

I'm currently working on a script/tool using powershell to grab artefacts from the running system. I've managed to get everything working apart from locked files like the $MFT. Does anyone know if this can be done using powershell only?

Thanks in advance.

Quote

mrpumba

(@mrpumba)

Estimable Member

Joined: 14 years ago

Posts: 116

11/05/2023 2:49 pm

Yes. Look at Zimmermans tools, he has a parser for $MFT which utilizes Powershell and/or

CLI.

ReplyQuote

8 Forums
15.6 K Topics
92.2 K Posts
11 Online
40.9 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed