mnerv
878d19f917
Add PowerShell scripts for collecting forensic artifacts: - USB/storage devices, mounted drives, portable devices - Network history and hotspot connections - Recent documents (OpenSavePidlMRU with PIDL parsing) - System info and user enumeration with multiple output modes Includes TODO.md for planned artifacts and updated README.
24 lines
942 B
PowerShell
24 lines
942 B
PowerShell
# Get-PortableDevices.ps1
|
|
# Lists portable devices (phones, cameras, etc.)
|
|
|
|
Write-Host "=== Portable Devices ===" -ForegroundColor Cyan
|
|
Write-Host "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices"
|
|
|
|
try {
|
|
$portableDevices = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows Portable Devices\Devices" -ErrorAction SilentlyContinue
|
|
if ($portableDevices) {
|
|
foreach ($device in $portableDevices) {
|
|
$props = Get-ItemProperty -Path $device.PSPath -ErrorAction SilentlyContinue
|
|
if ($props.FriendlyName) {
|
|
Write-Host "$($props.FriendlyName)" -ForegroundColor Yellow
|
|
Write-Host " $($device.PSChildName)" -ForegroundColor Gray
|
|
Write-Host ""
|
|
}
|
|
}
|
|
} else {
|
|
Write-Host "No portable devices found." -ForegroundColor Gray
|
|
}
|
|
} catch {
|
|
Write-Host "Error: $_" -ForegroundColor Red
|
|
}
|