Add PowerShell scripts for collecting forensic artifacts: - USB/storage devices, mounted drives, portable devices - Network history and hotspot connections - Recent documents (OpenSavePidlMRU with PIDL parsing) - System info and user enumeration with multiple output modes Includes TODO.md for planned artifacts and updated README.
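# Get-MountedDevices.ps1
# Lists mounted devices and drive letter mappings
#
# Reads the values under HKLM:\SYSTEM\MountedDevices and prints each value
# name followed by its raw binary data as hex. The name alone does not say
# which device it belongs to; the data is what ties the name to a disk or
# partition, so both are reported. The data is left undecoded because its
# layout depends on the device type.
#
# Output is written with Write-Host, so it does not go to the success
# pipeline; a plain `> file` redirect will not capture it. Run the script
# under a transcript or adjust the output calls if the results need to be
# preserved as evidence.

Write-Host "=== Mounted Devices ===" -ForegroundColor Cyan
Write-Host "HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices"

# Properties the registry provider attaches to every Get-ItemProperty result.
# They are not registry values, so they are excluded by exact name rather
# than by a "^PS" prefix match that could also hide a real value name.
$providerProperties = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

try {
    # -ErrorAction Stop turns a failed read (missing key, access denied) into
    # a terminating error so the catch block reports it. With SilentlyContinue
    # the catch was never reached and a failed read looked like an empty key.
    $mounted = Get-ItemProperty -Path "HKLM:\SYSTEM\MountedDevices" -ErrorAction Stop

    if ($mounted) {
        $mounted.PSObject.Properties |
            Where-Object { $providerProperties -notcontains $_.Name } |
            ForEach-Object {
                $entry = $_
                Write-Host "$($entry.Name)" -ForegroundColor Yellow

                # Values under this key are expected to be REG_BINARY; anything
                # else is skipped instead of being formatted incorrectly.
                if ($entry.Value -is [byte[]]) {
                    $hex = [System.BitConverter]::ToString($entry.Value)
                    Write-Host "  Data ($($entry.Value.Length) bytes): $hex"
                }
            }
    }
} catch {
    Write-Host "Error: $_" -ForegroundColor Red
}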