CimSweep

0.4.0.0

CimSweep is a suite of CIM/WMI-based tools for performing incident response and hunting operations remotely across all versions of Windows. CIM/WMI obviates the need for the installation of a host-based agent. The WMI service is running by default on all versions of Windows.

Minimum PowerShell version

3.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name CimSweep -RequiredVersion 0.4.0.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

Matthew Graeber

Copyright

BSD 3-Clause

Tags

security DFIR defense

Functions

Get-CSRegistryKey
Get-CSRegistryValue
Get-CSMountedVolumeDriveLetter
Get-CSDirectoryListing
Get-CSEventLog
Get-CSEventLogEntry
Get-CSService
Get-CSProcess
Get-CSEnvironmentVariable
Get-CSRegistryAutoStart
Get-CSScheduledTaskFile
Get-CSTempFile
Get-CSLowILPathFile
Get-CSShellFolderPath
Get-CSStartMenuEntry
Get-CSTypedURL
Get-CSWmiPersistence

Dependencies

This module has no dependencies.

Release Notes

0.4.0
-----
* Compatible PS Editions: Desktop, Core (i.e. Nano Server and Win 10 IoT)
* -IncludeAcl switch added to Get-CSRegistryKey and Get-CSDirectoryListing. Appending this argument will add an ACL parameter to each object returned.
* The output types of all functions are now fully and properly documented.

Version History

Version                     Downloads   Last updated
0.6.0.0                     1,554       5/13/2017
0.5.1.0                     194         10/8/2016
0.5.0.0                     132         5/28/2016
0.4.1.0                     24          5/16/2016
0.4.0.0 (current version)   14          5/16/2016