Welcome to Invoke-IR, the blog where I (Jared Atkinson) will discuss Digital Forensics and Incident Response using Windows PowerShell. Windows PowerShell is an excellent application that solves many of the complaints we all have about the native Windows command shell. Unfortunately, many system administrators, incident responders, and forensicators are not familiar enough with Windows PowerShell to understand its use. Through Invoke-IR (the name is a PowerShell pun) I will introduce readers to PowerShell itself, to some resources that will provide a deeper understanding of PowerShell and digital forensics, and to how we can apply PowerShell to Incident Response.
Some topics I plan on covering in the near future are:
1) Intro to PowerShell
2) PowerShell Remoting
3) Windows Logon and Authentication (How it relates to PowerShell)
4) Dealing with Event Logs in PowerShell
5) Handling the Windows Registry through PowerShell
... and much, much more
Thank you for visiting Invoke-IR. I am looking forward to reading your comments and questions.