PowerShell can be used for both legitimate and malicious purposes. It leaves a range of artifacts that can be used in forensic analysis: registry entries, network traffic, memory artifacts, prefetch files, and Windows event logs. The document discusses how attackers use PowerShell while trying to stay undetected, chiefly by avoiding traces in the Windows event log, and gives examples of how it has been used in malware: embedded in Office macros, exploiting vulnerabilities such as MS16-032 for privilege escalation, and obtaining a Meterpreter shell.
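The following triage script is an added example, not part of the original deck: it walks through the artifact classes the summary lists (event log, prefetch, registry, memory/process state, network) on a Windows host. The event IDs (4104 script block logging, 4103 module logging, 400 engine start) and file/registry paths are the standard Windows locations; the regular expression of "suspicious" tokens and the seven-day window are assumptions chosen for illustration. It must be run from an elevated Windows PowerShell 5.1 or PowerShell 7 prompt.

```powershell
# Added example: collect the PowerShell forensic artifacts named in the summary.
# Assumptions: elevated prompt, Windows 8/Server 2012 or later (Get-NetTCPConnection),
# and that the operational log has not been cleared.

$since = (Get-Date).AddDays(-7)   # assumed look-back window

# 1. Windows event logs.
#    Microsoft-Windows-PowerShell/Operational: 4104 = script block text, 4103 = module logging.
#    Classic "Windows PowerShell" log: 400 = engine start (records HostApplication).
$scriptBlocks = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4103, 4104
    StartTime = $since
} -ErrorAction SilentlyContinue

$engineStarts = Get-WinEvent -FilterHashtable @{
    LogName   = 'Windows PowerShell'
    Id        = 400
    StartTime = $since
} -ErrorAction SilentlyContinue

# Tokens typical of attacker one-liners (assumed list, tune to your environment):
# encoded commands, in-memory download-and-execute, hidden windows, no profile.
$pattern = 'FromBase64String|-EncodedCommand|-enc\b|DownloadString|Invoke-Expression|\bIEX\b|-w(indowstyle)? hidden|-nop\b'
$suspicious = $scriptBlocks | Where-Object { $_.Message -match $pattern }

"[*] Script block / module events: $($scriptBlocks.Count), suspicious: $($suspicious.Count)"
$suspicious | Select-Object TimeCreated, Id,
    @{ n = 'Snippet'; e = { $_.Message.Substring(0, [Math]::Min(160, $_.Message.Length)) } } |
    Format-Table -AutoSize

"[*] Engine starts (ID 400) since $since : $($engineStarts.Count)"
$engineStarts | Select-Object TimeCreated,
    @{ n = 'Host'; e = { ($_.Message -split "`n" | Where-Object { $_ -match 'HostApplication=' }) -replace '.*HostApplication=', '' } } |
    Format-Table -AutoSize

# 2. Prefetch: proves powershell.exe executed even if script logging was off.
"[*] Prefetch entries"
Get-ChildItem 'C:\Windows\Prefetch\POWERSHELL*.pf' -ErrorAction SilentlyContinue |
    Select-Object Name, CreationTime, LastWriteTime | Format-Table -AutoSize

# 3. Registry: was script block logging enforced, or has it been switched off?
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (Test-Path $sblKey) {
    "[*] ScriptBlockLogging policy: $((Get-ItemProperty $sblKey).EnableScriptBlockLogging)"
} else {
    '[!] ScriptBlockLogging policy key absent: 4104 events are not guaranteed'
}
"[*] Installed engine: $((Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine' -ErrorAction SilentlyContinue).PowerShellVersion)"

# 4. Memory/process state: live PowerShell processes with their full command line
#    (Win32_Process works on 5.1, where Get-Process lacks CommandLine).
"[*] Running PowerShell processes"
$procs = Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe' OR Name = 'pwsh.exe'"
$procs | Select-Object ProcessId, ParentProcessId, CreationDate, CommandLine | Format-List

# 5. Network: sockets owned by those processes (download cradles, reverse shells).
"[*] TCP connections owned by PowerShell"
foreach ($p in $procs) {
    Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'PID'; e = { $p.ProcessId } }, LocalAddress, LocalPort,
                      RemoteAddress, RemotePort, State
} | Format-Table -AutoSize

# 6. PSReadLine console history (per user, persists across reboots, outside the event log).
"[*] Console history files"
Get-ChildItem "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

The point of checking all six sources together is that an attacker who stays out of the event log (the evasion the deck goes on to discuss) still leaves prefetch, registry, process and network evidence; the script makes the absence of the ScriptBlockLogging policy key explicit, because an empty 4104 result set means nothing if logging was never enforced.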
3. >_ Powershell
• A next-generation command-line application developed by Microsoft as an alternative to the Windows command line cmd.exe and Windows Script Host.