1
votes

I was trying these power forensics command from the powerforensics website the 1st two commands worked perfectly while the next 3 commands gave errors, I am sharing one of the errors below. Please tell me the solution to get rid of this error. enter image description hereWhat's wrong with the path of the cmd?

Command - PS C:> Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe

Error: Get-ForensicFileRecord : Path C:\Windows\system32\cmd.exe not found. At line:1 char:1

Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe + CategoryInfo : NotSpecified: (:) [Get-ForensicFileRecord], Exception + FullyQualifiedErrorId : System.Exception,PowerForensics.Cmdlets.GetFileRecordCommand

link which I followed for this tutorial: https://powerforensics.readthedocs.io/en/latest/modulehelp/Get-ForensicFileRecord

PS: This command worked fine in one of my friend's machine but its throwing error for my machine.

1
Make sure you run PowerShell as administrator. You could also try running Get-ForensicFileRecord -Path $env:ComSpec.notjustme

1 Answers

0
votes

You dont have the module installed in your system. It doesn't come by default.

So, what you need to do is below:

#To Find the module
Find-Module -Name *Forensic*

The Module name is actually PowerForensics. So, you can install it using:

Install-Module -Name PowerForensics

Press A, to Confirm All installation. Then,

#To Import the module
Import-Module PowerForensics

#To Get all the available commands in the module
Get-Command -Module PowerForensics