I was trying these PowerForensics commands from this website. The 1st two commands worked perfectly while the next 3 commands gave errors; I am sharing one of the errors below. Please tell me the solution to get rid of this error.
Command - PS C:> Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe
Error:
Get-ForensicFileRecord : Path C:\Windows\system32\cmd.exe not found.
At line:1 char:1
Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe
+ CategoryInfo : NotSpecified: (:) [Get-ForensicFileRecord], Exception
+ FullyQualifiedErrorId : System.Exception,PowerForensics.Cmdlets.GetFileRecordCommand
The link which I followed for this tutorial:
PowerForensics - PowerShell Digital Forensics | Get-ForensicFileRecord
Related
Amateur computer science student here.
Trying to activate a virtual environment in powershell and I keep
getting the following error both when I start powershell or try to
activate the environment. The environment opens normally in CMD.
I've tried reinstalling to no avail. Not sure what to do so making a first post on StackOverflow.
Many thanks and kind regards,
Daniel
PS C:\Users\User> conda activate MyDjangoEnv
Invoke-Expression : At line:1 char:1342
... iles\PuTTY;"C:\Users\User\AppData\Local\Packages\PythonSoftwareFounda ...
Unexpected token 'C:\Users\User\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\loc
al-packages\Python39\Scripts' in expression or statement.
At C:\Users\User\anaconda3\shell\condabin\Conda.psm1:76 char:9
+ Invoke-Expression -Command $activateCommand;
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : UnexpectedToken,Microsoft.PowerShell.Commands.InvokeExpressionCommand
I was trying these PowerForensics commands from the PowerForensics website. The 1st two commands worked perfectly while the next 3 commands gave errors; I am sharing one of the errors below. Please tell me the solution to get rid of this error. What's wrong with the path of the cmd?
Command - PS C:> Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe
Error:
Get-ForensicFileRecord : Path C:\Windows\system32\cmd.exe not found.
At line:1 char:1
Get-ForensicFileRecord -Path C:\Windows\system32\cmd.exe
+ CategoryInfo : NotSpecified: (:) [Get-ForensicFileRecord], Exception
+ FullyQualifiedErrorId : System.Exception,PowerForensics.Cmdlets.GetFileRecordCommand
The link which I followed for this tutorial: https://powerforensics.readthedocs.io/en/latest/modulehelp/Get-ForensicFileRecord
PS: This command worked fine on one of my friend's machines but it's throwing an error on my machine.
You don't have the module installed on your system. It doesn't come by default.
So, what you need to do is below:
#To Find the module
Find-Module -Name *Forensic*
The Module name is actually PowerForensics. So, you can install it using:
Install-Module -Name PowerForensics
Press A, to Confirm All installation.
Then,
#To Import the module
Import-Module PowerForensics
#To Get all the available commands in the module
Get-Command -Module PowerForensics
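Answering "A" at the `Install-Module` prompt accepts everything the package contains from a repository that is not marked trusted. The following added example (not part of the original answer, and not PowerForensics project code) stages the module with `Save-Module`, reports the Authenticode status and SHA-256 of each code file, and only then installs the exact version that was reviewed. The staging directory name is an assumption.

```powershell
# Added example: stage and inspect PowerForensics before installing it.
$name    = 'PowerForensics'
$staging = Join-Path $env:TEMP 'module-staging'   # assumed scratch directory

# 1. See which repository and version Install-Module would pick.
$found = Find-Module -Name $name -Repository PSGallery
$found | Select-Object Name, Version, Repository, Author, PublishedDate

# 2. Download without installing or importing anything.
New-Item -ItemType Directory -Path $staging -Force | Out-Null
Save-Module -Name $name -Repository PSGallery -RequiredVersion $found.Version -Path $staging

# 3. Report signature status, signer and hash for every code file in the package.
$files = Get-ChildItem -Path (Join-Path $staging $name) -Recurse -File `
             -Include *.psd1, *.psm1, *.ps1, *.ps1xml, *.dll
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File   = $f.FullName.Substring($staging.Length + 1)
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-Table -AutoSize

# 4. After reviewing the report, install exactly the version that was staged,
#    for the current user only, then load it and list its commands.
Install-Module -Name $name -Repository PSGallery -RequiredVersion $found.Version -Scope CurrentUser
Import-Module $name -RequiredVersion $found.Version
Get-Command -Module $name
```

Keep the hash report with the case notes so the tool version used for an acquisition can be identified later.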
When I run Get-PSRepository using PowerShell ISE (x86), it shows me the source location and the installation policy as trusted. The source location it shows is https://www.powershellgallery.com/api/v2
But when I run the same command using PowerShell ISE without the x86 on my machine, I get the below error:
Get-PSRepository : The 'Get-PSRepository' command was found in the module 'PowerShellGet', but the module
could not be loaded. For more information, run 'Import-Module PowerShellGet'.
At line:1 char:1
+ Get-PSRepository
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-PSRepository:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
Why is PowerShell displaying two different behaviours in the two ISEs? Is it because of an environment variable, or what?
After using Install-Module to install powershell-yaml I had about a week of use before I came in one morning to it not loading YamlDotNet properly.
Now if I try to use ConvertFrom-Yaml before manually running Import-Module powershell-yaml I get the following error:
PS C:\Users\user> "---" | ConvertFrom-Yaml
New-Object : Cannot find type [YamlDotNet.RepresentationModel.YamlStream]: verify that the assembly containing this type is loaded.
At C:\Program Files\WindowsPowerShell\Modules\powershell-yaml\0.3.1\powershell-yaml.psm1:24 char:23
+ ... $yamlStream = New-Object "YamlDotNet.RepresentationModel.YamlStream"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand
You cannot call a method on a null-valued expression.
At C:\Program Files\WindowsPowerShell\Modules\powershell-yaml\0.3.1\powershell-yaml.psm1:25 char:9
+ $yamlStream.Load([System.IO.TextReader] $stringReader)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Previously (and on most systems) this worked fine. If I run a manual Import-Module before calling the function it works fine:
PS C:\Users\user> Import-Module powershell-yaml
PS C:\Users\user> "---" | ConvertFrom-Yaml
PS C:\Users\user>
Both my and a coworker's machines started this behavior at about the same time. This morning my system started working properly again, but his is still exhibiting the behavior. We haven't been able to duplicate it on other machines.
I've narrowed it down to a script referenced in the Powershell-Yaml manifest's ScriptsToProcess not being called during autoload, although it runs fine during a manual Import-Module. On working machines the script in ScriptsToProcess is run in both cases. As a workaround we can force a module load by putting an Import-Module in our profile, but ideally we'd like to find a root cause.
Import-Module -Verbose doesn't help, because calling Import-Module first always works.
I need to install a .cer certificate into the "Trusted Devices" folder because I have a PowerShell script which automatically installs software, and the only thing that blocks the whole script is Windows asking about the trustworthiness of the dongle driver.
I use this cmdlet inside Vagrant
vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation Cert:\Local Computer\TrustedDevices"
Here is error message output
vagrant.exe : The following WinRM command responded with a non-zero exit status.
At line:1 char:2
+ vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.ce ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The following W...ro exit status.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Vagrant assumes that this means the command failed!
Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation Cert:\Local Computer\TrustedDevices
Stdout from the command:
Stderr from the command:
#< CLIXML
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04"><S S="Error">Import-Certificate : A positional parameter cannot be found that accepts argument 'Computer\Trust
edDevices'._x000D__x000A_</S><S S="Error">At line:1 char:40_x000D__x000A_</S><S S="Error">+ ... lyContinue';Import-Certificate -Filepath C:\vagrant\Microcosm.cer -Ce ..._x000D__x000A_</S><S
S="Error">+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_x000D__x000A_</S><S S="Error"> + CategoryInfo : InvalidArgument: (:) [Import-Certificate], P
arameterBindingException_x000D__x000A_</S><S S="Error"> + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.CertificateServices.Commands.ImportCertificateComm _x000D__x000A_</
S><S S="Error"> and_x000D__x000A_</S><S S="Error"> _x000D__x000A_</S></Objs>
Cert:\Local Computer\TrustedDevices has a space in it. Try this with escaped quotes around your path:
vagrant.exe powershell -c "Import-Certificate -Filepath C:\vagrant\Microcosm.cer -CertStoreLocation `"Cert:\Local Computer\TrustedDevices`""
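Importing a certificate into a machine trust store suppresses the driver prompt for anything signed with it, so it is worth pinning the file before it is trusted. The following added example (not from the original question or answer) checks the file's thumbprint against an expected value and imports it only on a match; saved as a script file, it also avoids nesting quotes inside `-c "..."`. The thumbprint is a placeholder, and `Cert:\LocalMachine\TrustedDevices` is an assumed provider path for the "Trusted Devices" store that the script verifies before use.

```powershell
# Added example. $expectedThumbprint is a placeholder, not a value from the page.
$cerPath            = 'C:\vagrant\Microcosm.cer'
$storePath          = 'Cert:\LocalMachine\TrustedDevices'   # assumed path of the "Trusted Devices" store
$expectedThumbprint = '<SHA1-THUMBPRINT-FROM-VENDOR>'

# Fail early if the store path is wrong instead of letting parameter binding guess.
if (-not (Test-Path -LiteralPath $storePath)) {
    throw "Certificate store not found: $storePath (list stores with: Get-ChildItem Cert:\LocalMachine)"
}

# Load the file without touching any store and compare its thumbprint.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
$expected = ($expectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch for ${cerPath}: got $($cert.Thumbprint)"
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)"
}

# Import only if it is not already in the store, and show what was trusted.
if (Test-Path -LiteralPath (Join-Path $storePath $cert.Thumbprint)) {
    Write-Output "Already present: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $cerPath -CertStoreLocation $storePath |
        Select-Object Subject, Thumbprint, NotAfter
}
```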