SEC504: Hacker Tools, Techniques, and Incident Handling

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsLive response is a critical area within Incident Response. While there are many tools and processes available to collect valuable information for later analysis, there haven't been any comprehensive studies done with the capabilities of PowerShell as an inbuilt tool to aid live response. This paper focuses on various ways in which PowerShell can be utilized to collect data from Windows 7 systems. PowerShell comes bundled with Windows 7 and Microsoft provides a wealth of options to collect, analyze and present the various artifacts.