Tags: powershell forensics

Rating:

# Powershell writeup
> I want to know what is happening in my Windows Powershell.

bash
$file file.mp3 file.mp3: Audio file with ID3 version 2.46.20 # If you run strings on the file you can see there are 3 files$ strings file.mp3
# Open Powershell.xml and you can see all commands that were ran