Found while doing forensics on some rediscovered loose flash drives.

  • @[email protected]
    -7
    11 months ago

    The humor is in the number of hoops to jump through to get some basic info out using PowerShell. Under Linux one would use a single command or just check what the system exposes in the form of a file.

    I have no idea how to do forensics under Windows, to be honest. You’d probably have to write something to get to the block layer so it can be dumped and analyzed. Perhaps OP can amuse us with how he went about it.

    • @[email protected]
      1
      11 months ago

      It’s just one command with a bunch of selects; you could probably just run the first part. I can try it myself later.

      There is a lot of software that forensics can use. I don’t know how common Windows is, but considering its usage for everything else in companies and governments, I wouldn’t be surprised if forensics use primarily Windows.