PowerShell in forensics - suitable cases [FREE COURSE CONTENT]

In this short video from our PowerShell for Forensics online course we will learn what makes a case ideal for PowerShell, and what signs tell us we should stay away from it during an investigation. Jump in!

PowerShell gives system administrators extensive access to the Windows operating system internals. Digital forensic professionals will find that using PowerShell will reveal many items of evidentiary value and a wealth of digital artifacts located within an operating system including how system tools and applications are used as well as user access. Moreover, PowerShell contains a robust scripting component that can be extended to other operating systems including both client -side and network operating systems. This course provides digital forensic examiners with a forensically sound method for conducting digital forensic investigations for both static and live acquisitions. Journey with the instructor as you test and validate Powershell with real world relevant case examples as a forensically sound tool that will stand up in a court proceeding providing and reporting evidence that is admissible and defensible. At the completion of this course you will be able to use PowerShell at an advanced level for both onsite live data acquisition and analysis and reporting at a forensic laboratory.

YOUR INSTRUCTOR: David J Tatum

David has taught computer network systems for over twenty years and digital forensic for the last ten years. Prior to teaching, David worked as a senior technical support engineer supporting a wide variety of hardware and software platforms. David recently started his own business that includes teaching with computer networks and specializing in computer forensic imaging and data recovery. Interests include 3D printing and video game design. In his spare time, David enjoys reading, hiking and trips to the beach.