The purpose of PowerForensics is to provide an all-inclusive framework for hard drive forensic analysis.
PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System and HFS+ support.
All PowerForensics documentation has been moved to Read The Docs.
Detailed instructions for installing PowerForensics can be found here.
PowerForensics is built on a C# Class Library (Assembly) that provides a public API for forensic tasks.
The public API provides a modular framework for adding to the capabilities exposed by the PowerForensics module.
All of this module’s cmdlets are built on this public API, and tasks can easily be expanded upon to create new cmdlets.
API documentation can be found here.