Found while doing forensics on some rediscovered loose flash drives.

  • icanwatermyplants
    link
    fedilink
    arrow-up
    7
    ·
    5 months ago

    The humor is in the amount of hoops to jump through to get some basic info out using Powershell. Under Linux one would use a single command or just check what the system exposes in the form of a file.

    I have no idea how to do forensics under Windows to be honest. You’d probably have to write something to get to the block layer so it can be dumped and analyzed. Perhaps OP can amuse us how he went about it.

    • lud@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      5 months ago

      It’s just one command with a bunch of selects, you could probably just run the first part. I can try it myself later.

      There are a lot of software that forensics can use, I don’t know how common windows is but considering its usage for everything else in companies and governments, I wouldn’t be surprised if forensics use primarily Windows.