Document Type
|
:
|
BL
|
Record Number
|
:
|
851288
|
Main Entry
|
:
|
Hosmer, Chet
|
Title & Author
|
:
|
PowerShell and Python together : targeting digital investigations / Chet Hosmer.
|
Publication Statement
|
:
|
New York, NY : Apress, [2019]
|
|
:
|
©2019
|
Page No.
|
:
|
1 online resource
|
ISBN
|
:
|
1484245040
|
|
:
|
1484245059
|
|
:
|
9781484245040
|
|
:
|
9781484245057
|
|
:
|
1484245032
|
|
:
|
9781484245033
|
Bibliographies/Indexes
|
:
|
Includes bibliographical references and index.
|
Contents
|
:
|
Intro; Table of Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: An Introduction to PowerShell for Investigators; A Little PowerShell History; How Is PowerShell Used Today?; How Do You Experiment with PowerShell?; Navigating PowerShell ISE; PowerShell CmdLets; What Is a CmdLet?; Introduction to Some Key CmdLets; Get-Help; Get-Process; Get-Member; Challenge Problems: Investigative CmdLets to Explore; Challenge One: Executing a "Find" Based on File Extension; Challenge Two: Examining Network Settings
|
|
:
|
Challenge Three: Examining Firewall Settings; Challenge Four: Your Chance to Explore; Summary; Chapter 2: PowerShell Pipelining; What Is CmdLet Pipelining?; Example 1: Get-Service; Example 2: Get-Process; PowerShell Variables; PowerShell Automatic Variables; Breaking Down the CmdLet Usage for Example 2; Adding the NetTCPConnections CmdLet; How to Discover CmdLets?; Using PowerShell Variables with CmdLets; ForEach-Object; Creating a Single Pipeline Solution to Example 2; Resolving Remote IP Addresses; Adding a Transcript to Track Your Activities; Challenge Problem: CmdLet Experimentation
|
|
:
|
Example 2: USB Device Usage Discovery; Create the Script; Step One: Recent Accessing USB Activity; Invoke-Command PowerShell CmdLet; Step Two: Create the USBAcquire PowerShell Script; USBAcquire Script Execution; USBAcquire Get-Help Result; Challenge Problem: Create File Inventory List with Hashes; Summary; Chapter 4: Python and Live Investigation/Acquisition; What Is "By Example"?; Directing PowerShell with Python; Launching PowerShell CmdLets from Python; Creating a System Files Baseline with PowerShell and Python; Creating the Baseline with Python; Verifying the Baseline with Python
|
|
:
|
Overview of the New Code Sections in VerifyBaseline.py; Overview of Python Execution with PowerShell; Challenge Problem: Perform Remote Script Execution; Summary; Chapter 5: PowerShell/Python Investigation Example; Enable PowerShell Remoting; Gathering and Analyzing Remote Evidence; Invoking Remote Access; Building a PowerShell Script for DnsCache Acquisition; Python Script and PowerShell CacheAquire Script; Overview of Client DNS Cache Acquisition and Search; Challenge Problem: Multiple Target Computer DNSCache Acquisition; Summary; Chapter 6: Launching Python from PowerShell
|
Abstract
|
:
|
Chapter 3: PowerShell Scripting Targeting Investigation; Basic Facts About PowerShell Scripts; Example 1: The EventProcessor PowerShell Script; EventLog CmdLets; Retrieving More Specific Eventlog Information; Creating the Script; Step One: Define the Challenge; Step Two: Create the Script in Stages; Script Header; .Synopsis Section; .Description Section; .Parameters Section; .Examples Section; Parameter Definition; Local Variable Definition; CmdLet Pipeline Execution; EventProcessor Get-Help Result; EventProcessor Script Execution; Resulting Directory; HTML Output Report; Remote Access
|
Subject
|
:
|
Python (Computer program language)
|
Subject
|
:
|
Scripting languages (Computer science)
|
Subject
|
:
|
Windows PowerShell (Computer program language)
|
Subject
|
:
|
COMPUTERS-- Programming Languages-- General.
|
Dewey Classification
|
:
|
005.13
|
LC Classification
|
:
|
QA76.7
|