{"id":13597625,"url":"https://github.com/Invoke-IR/PowerForensics","last_synced_at":"2025-04-10T05:33:01.089Z","repository":{"id":28307295,"uuid":"31820011","full_name":"Invoke-IR/PowerForensics","owner":"Invoke-IR","description":"PowerForensics provides an all in one platform for live disk forensic analysis","archived":false,"fork":false,"pushed_at":"2023-11-16T10:31:37.000Z","size":16872,"stargazers_count":1385,"open_issues_count":64,"forks_count":274,"subscribers_count":158,"default_branch":"master","last_synced_at":"2024-10-29T17:39:48.294Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Invoke-IR.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-03-07T17:12:19.000Z","updated_at":"2024-10-17T21:22:15.000Z","dependencies_parsed_at":"2024-01-13T10:12:33.798Z","dependency_job_id":"1d768f71-a109-4998-8f72-0488b9673a2f","html_url":"https://github.com/Invoke-IR/PowerForensics","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Invoke-IR%2FPowerForensics","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Invoke-IR%2FPowerForensics/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Invoke-IR%2FPowerForensics/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Invoke-IR%2FPowerForensics/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Invoke-IR","download_url":"https://codeload.github.com/Invoke-IR/PowerForensics/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247801175,"owners_count":20998339,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T17:00:37.400Z","updated_at":"2025-04-10T05:33:01.064Z","avatar_url":"https://github.com/Invoke-IR.png","language":"C#","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/Invoke-IR/PowerForensics/blob/master/Images/powerforensic_square_blue_lowres.png?raw=true\" width=\"300\" height=\"300\"\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003ePowerForensics - PowerShell Digital Forensics\u003c/h1\u003e\n\n\u003ch5 align=\"center\"\u003eDeveloped by \u003ca href=\"https://twitter.com/jaredcatkinson\"\u003e@jaredcatkinson\u003c/a\u003e\u003c/h5\u003e\n\n\n[![Build status](https://ci.appveyor.com/api/projects/status/l8rmlql34xwyvwsc/branch/master?svg=true)](https://ci.appveyor.com/project/Invoke-IR/powerforensics/branch/master)\n[![docs status](https://readthedocs.org/projects/powerforensics/badge/?version=latest)](https://powerforensics.readthedocs.io/en/latest/)\n[![waffle ready](https://badge.waffle.io/Invoke-IR/PowerForensics.png?label=ready\u0026title=Ready)](https://waffle.io/Invoke-IR/PowerForensics)\n[![waffle in progress](https://badge.waffle.io/Invoke-IR/PowerForensics.png?label=in%20progress\u0026title=In%20Progress)](https://waffle.io/Invoke-IR/PowerForensics)\n\n## Overview\nThe purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis.\nPowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.\n\nAll PowerForensics documentation has been moved to \u003ca href=\"https://powerforensics.readthedocs.io\"\u003eRead The Docs\u003c/a\u003e.\n\nDetailed instructions for installing PowerForensics can be found \u003ca href=\"http://www.invoke-ir.com/2016/02/installing-powerforensics.html\"\u003ehere\u003c/a\u003e.\n\n## Public API\nPowerForensics is built on a C# Class Library (Assembly) that provides a public API for forensic tasks.\nThe public API provides a modular framework for adding to the capabilities exposed by the PowerForensics module.\nAll of this module's cmdlets are built on this public API and tasks can easily be expanded upon to create new cmdlets.\nAPI documentation can be found \u003ca href=\"https://powerforensics.readthedocs.io/en/latest/publicapi/\"\u003ehere\u003c/a\u003e.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/Invoke-IR/PowerForensics/blob/master/Images/powerforensic_square_blue_lowres.png?raw=true\" width=\"300\" height=\"300\"\u003e\n\u003c/p\u003e\n","funding_links":[],"categories":["Tools","IR Tools Collection","C# #","Challenges","🛡️ Security","安全监控","Forensics","Security","Security monitoring","IR tools Collection"],"sub_categories":["Frameworks","Windows Evidence Collection","威胁狩猎","Steganography","Threat hunting"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInvoke-IR%2FPowerForensics","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FInvoke-IR%2FPowerForensics","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInvoke-IR%2FPowerForensics/lists"}