1.1.1

• Fixed major DataRun parsing bug
• Added Nano Server compatibility!
• Added new csproj for PowerShell v2 compatibility
  • New module PowerForensicv2 for PowerShell v2 compatibility

PowerForensics v1.0.2

Added 5 cmdlets:

• Get-ForensicOfficeFileMru
• Get-ForensicOfficeOutlookCatalog
• Get-ForensicOfficePlaceMru
• Get-ForensicOfficeTrustRecord
• Get-ForesnicRunKey

A number of bugs fixed and code efficiencies added.

PowerForensics v1.0.1

This release features minor bug fixes, initial Pester tests, and updated help (thanks June!).

It also signifies the merging of the PowerForensics_Source and the PowerForensics repos.

PowerForensics v1.0

This is the official release of PowerForensics, a PowerShell module for performing hard drive forensic analysis.

The following features are included in this release:

• DD utility
• Boot Sector parsing
  • Master Boot Record
  • Guid Partition Table
• NTFS File System Structure parsing
  • Volume Boot Record ($Boot)
  • $AttrDef
  • $Volume
  • Master File Table
  • UsnJrnl
  • File Slack Space
  • MFT Slack Space
  • Unallocated Space
• Windows Event Log parsing
• Windows Registry Hive parsing
  • Registry Keys
  • Registry Values
  • Amcache.hve
  • UserAssist
  • NetworkList
  • TypedUrls
  • System Security Identifier
  • System Timezone
• Windows Artifact parsing
  • Prefetch
  • Scheduled Job
  • ShellLink
• Custom binary parsing language called BinShred

There are also a few additional capabilities to copy files in a forensically sound manner. All features are implemented from the ground up and do not rely on the Windows API.