Technical Documentation · PowerForensics

Guides by Tool

Select the tool to see requirements, installation, execution, parameters, and output.

Powerful Artifact Recovery

Recover and analyze digital artifacts from Windows and Linux systems with a focus on speed and portability. Integrates structured export and MITRE ATT&CK mapping.

Key Points

Live or offline acquisition and analysis in a single flow.
Export in JSON, CSV, and HTML ready for reports.
Visual correlation via Chronos — Timeline and Nexus — Graph.
Portable execution without dependencies or installation.

PowerTriage

PowerShell script for rapid triage on Windows. Extracts artifacts like Amcache, Prefetch, SRUM, and events, with structured export for analysis.

Key Points

Direct execution on computers 10/11/Server or remote.
Quick/Full/Custom mode and offline analysis.
MITRE summary and compatibility with Chronos/Nexus.
Output organized by artifact and chosen format.

PowerTriage Linux

Standalone Bash tool for triage on Linux. Analyzes logs, sessions, tasks, cron, and persistence artifacts.

Key Points

Support for live analysis and mounted volume.
Export in lightweight formats for reports.
Integration with Chronos/Nexus for visual correlation.
Simple execution with minimal permissions.

PowerTriage IoT

Specialized version for IoT devices and OpenWRT. Audits configurations, credentials, and critical services.

Key Points

Lightweight modules designed for embedded environments.
Export in compact formats for auditing.
Offline mode and execution on devices with BusyBox.
Results ready for correlation on the platform.

Forge

Normalization engine that turns raw evidence into structured investigations. Multi-cloud support for AWS, Azure, GCP, and M365.

Key Points

Processes logs from multiple sources (Syslog, EVTX, JSON, CSV).
Normalizes data for ingestion into Chronos and Nexus.
Community Edition focused on AWS CloudTrail.
Pro Edition with full Multi-Cloud support.

Back to Home