# PowerShell Collection Script
# Target: FileExplorerReplacements (Compound Target)
# Use KAPE for compound target collection:
# kape.exe --tsource C: --tdest D:\Evidence --target FileExplorerReplacements

Write-Host "For compound targets, use KAPE directly for best results." -ForegroundColor Yellow

› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1

Note: This is a compound target that references 12 other targets. KAPE will automatically collect all referenced artifacts.

references

For those looking to contribute to this list, check here for ideas: https://en.wikipedia.org/wiki/Comparison_of_file_managers or https://alternativeto.net/software/total-commander/.

Install one of the applications not covered above and find where useful information is stored. If useful information can be located, make an individual Target for it and place in the appropriate folder. Then, include that Target in the appropriate Compound Target.

Use Everything, Directory Monitor Pro (not free, but use a trial if you don't want to pay), NirSoft's RegistryChangesView, etc to monitor what these applications do to the File System and DOCUMENT!

// description

// includes (12)

// paths

// collection commands

// references

description

includes (12)

paths

collection commands

references