Windows Forensic Analysis using PowerShell

As I continue on with my undergrad in Information Assurance, I try to apply techniques and concepts in real-world applications. It helps me “drill” the concepts into my forgetful brain, and because security interests me, I think it's fun! As stated before in my post Controlling/Monitoring Local Admin Rights using PowerShell, PoshSec is seeking to tackle Information Security concerns using PowerShell. What PoshSec hasn't quite looked at (yet) is Forensic Analysis.

Introduction to the forensic examination of E-Mail

Email Forensics. This will be Part I in my two-part E-Mail forensics series exclusive to securekomodo.net. Most people these days already have a basic understanding of what email is, or how to use it. Simply type up your message and hit “Send” and, like magic, the message is delivered electronically to the recipient you intended. But what is going on behind the scenes may still be widely unknown. Gaining a basic understanding of the underlying technologies used in email communication can be a valuable advantage in any type of cyber crime investigation.

log2timeline

Developer Link: http://log2timeline.net/ log2timeline is a single tool that parses log files and artifacts recursively, eliminating the need to accomplish the same task through other manual processes. It produces a formatted timeline in CSV format that can be viewed in Excel or other spreadsheet applications and analyzed by a forensic investigator or analyst. The timeline shows all recognized events (a dynamically growing list of event types) in the order in which they occurred.