Extracting command lines from Sysmon log

Simple PowerShell script that opens the "Microsoft-Windows-Sysmon/Operational" log and extracts all executed command lines (Sysmon process-creation events) from it. Good for basic forensics, especially if you have a text file of commonly known paths used on non-infected computers, so that processes started from those paths can be filtered out. Simple change allows to use i
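The following is an added example written for this page, not the gallery author's script: it reads Sysmon Event ID 1 (Process Create) records from the Operational log, pulls the command-line fields out of each event's XML, and optionally drops processes whose image sits under a trusted path prefix read from a text file. The allow-list file format (one path prefix per line) and the parameter names are assumptions.

```powershell
# Added example (not the gallery script): list command lines from Sysmon Event ID 1.
# Assumes Sysmon logs to Microsoft-Windows-Sysmon/Operational and that the optional
# allow-list file holds one trusted path prefix per line, e.g. C:\Windows\System32\
param(
    [string]$KnownPathsFile,          # optional allow-list of trusted path prefixes
    [int]$MaxEvents = 5000            # cap on how many recent events to read
)

# Event ID 1 = Process Create; FilterHashtable lets the log service do the filtering
$filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop

$knownPaths = @()
if ($KnownPathsFile -and (Test-Path $KnownPathsFile)) {
    $knownPaths = Get-Content $KnownPathsFile |
        Where-Object { $_.Trim() } |
        ForEach-Object { $_.Trim().ToLower() }
}

$rows = foreach ($ev in $events) {
    # Sysmon stores its fields as <Data Name="..."> elements under EventData
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $image = [string]$data['Image']

    # Skip processes whose image path starts with a trusted prefix (case-insensitive)
    $trusted = $false
    foreach ($p in $knownPaths) {
        if ($image.ToLower().StartsWith($p)) { $trusted = $true; break }
    }
    if ($trusted) { continue }

    [pscustomobject]@{
        UtcTime           = $data['UtcTime']
        User              = $data['User']
        Image             = $image
        CommandLine       = $data['CommandLine']
        ParentImage       = $data['ParentImage']
        ParentCommandLine = $data['ParentCommandLine']
    }
}

$rows | Sort-Object UtcTime | Format-Table -AutoSize -Wrap
```

Reading the Sysmon Operational log normally requires an elevated PowerShell session; pipe `$rows` to `Export-Csv` instead of `Format-Table` when the output is going into a case file.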

Verified on the following platforms
Windows 10 Yes
Windows Server 2012 Yes
Windows Server 2012 R2 Yes
Windows Server 2008 R2 Yes
Windows Server 2008 No
Windows Server 2003 No
Windows Server 2016 Yes
Windows 8 Yes
Windows 7 Yes
Windows Vista No
Windows XP No
Windows 2000 No
This script is tested on these platforms by the author. It is likely to work on other platforms as well. If you try it and find that it works on another platform, please add a note to the script discussion to let others know.