PowerShell and Python Together Targeting Digital Investigations


Author: Chet Hosmer

Publisher: Apress


Publish Date: March 30, 2019

ISBN-10: 1484245032

Pages: 232


Language: English



Book Preface

PowerShell provides a great acquisition engine for obtaining a vast array of information from live systems, servers, peripherals, mobile devices, and data-driven applications like Active Directory.

Because of Microsoft’s decision to open PowerShell and provide the ability to acquire information from other non-Microsoft platforms such as Mac and Linux, the breadth of information that can be accessed is virtually limitless (with the proper credentials). Combine that with a plethora of built-in and third-party CmdLets (pronounced “command let”) that can be filtered, sorted, and piped together, and you have the ultimate acquisition engine.

By adding a bridge from PowerShell to Python, we can now leverage the rich logical machine learning and deep analysis of the raw information acquired by PowerShell. Figure 1-1 depicts the core components that we will integrate in this book. The result will be a workbench for developing new innovative approaches to live investigations and incident response applications.

A Little PowerShell History

PowerShell is a Microsoft framework that includes a command shell and a scripting language. PowerShell has traditionally been used by system administrators, IT teams, incident response groups, and forensic investigators to gain access to operational information regarding the infrastructures they manage.

How Is PowerShell Used Today?

PowerShell is most typically used to automate administrative tasks and examine the details of running desktops, servers, and mobile devices. It is used to examine both local and remote systems using the Component Object Model (COM) and Windows Management Instrumentation (WMI). Today, it can also be used to examine and manage remote Linux, Mac, and network devices using the Common Information Model (CIM).

How Do You Experiment with PowerShell?

PowerShell is typically already installed on modern Windows desktop and server platforms. If not, you can simply open your favorite browser and search for “Windows Management Framework 5” and then download and install PowerShell. PowerShell and PowerShell ISE (the Integrated Scripting Environment) are free.

I prefer using PowerShell ISE as it provides:

  1. An integrated environment that aids in the discovery of and experimentation with CmdLets
  2. The ability to write, test, and debug scripts
  3. Easy access to context-sensitive help
  4. Automatic completion of commands that speeds both development and learning
