Found while doing forensics on some rediscovered loose flash drives.

      • skilltheamps@feddit.de
        8 months ago

        Yes, if it was as object based as it claims, Get-WmiObject would subtract WmiObject from Get. Instead it is like having all the clutchy drawbacks from being object based without reaping any of the potential benefits.

        If you want anything that actually is object based, just use xon.sh - sane and familiar syntax with insane amounts of power just like that

      • Carighan Maconar@lemmy.world
        8 months ago

        It’s from the beginning meant to be fully scripted though. You’re not supposed to be putting in these commands manually, it’s meant to be used in an environment where the 5-50 commands you or your company needs constantly have aliases and script files defined and on PATH.

    • OfficerBribe@lemm.ee
      8 months ago

      Get-Disk would have sufficed here, no real need to use WMI here. That said, you would still need to filter for USB devices and select the properties you want to retrieve.

      And unrelated, but if a WMI class needs to be queried, Get-CimInstance has been the preferred method instead of Get-WmiObject for quite some time.
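
The approach described in the comment above, as an added example that is not part of the original thread: list USB disks with Get-Disk, enrich each with the matching Win32_DiskDrive record via Get-CimInstance, and flag serial numbers that contain non-printable characters. The function names `Test-PrintableSerial` and `Get-UsbDiskInventory` are hypothetical, and the code assumes a Windows system with the Storage module (Windows 8 / Server 2012 or later).

```powershell
# Added example: inventory of USB-attached disks for a forensic log.

function Test-PrintableSerial {
    # Hypothetical helper: true when the serial is non-empty printable ASCII.
    param([string]$Serial)
    $s = $Serial.Trim()
    return ($s.Length -gt 0) -and ($s -cmatch '^[\x20-\x7E]+$')
}

function Get-UsbDiskInventory {
    # Index Win32_DiskDrive records by physical drive number so they can be
    # joined to Get-Disk output (Index matches the Number shown by Get-Disk).
    $cimByIndex = @{}
    Get-CimInstance -ClassName Win32_DiskDrive | ForEach-Object {
        $cimByIndex[[int]$_.Index] = $_
    }

    Get-Disk | Where-Object BusType -eq 'USB' | ForEach-Object {
        $drive = $cimByIndex[[int]$_.Number]
        [pscustomobject]@{
            Number          = $_.Number
            FriendlyName    = $_.FriendlyName
            SerialNumber    = $_.SerialNumber
            SerialPrintable = Test-PrintableSerial -Serial $_.SerialNumber
            SizeGB          = [math]::Round($_.Size / 1GB, 2)
            PartitionStyle  = $_.PartitionStyle
            # The PnP device ID gives a second identifier to record when the
            # reported serial number is empty or garbled.
            PNPDeviceID     = if ($drive) { $drive.PNPDeviceID } else { $null }
        }
    }
}

# Print the inventory; pipe to Export-Csv instead to keep it with case notes.
Get-UsbDiskInventory | Format-Table -AutoSize
```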

  • KᑌᔕᕼIᗩ@lemmy.ml
    8 months ago

    Microsoft products in this area are weird to me. Like C#, PowerShell is great on one hand yet annoying and more difficult to wrangle on the other compared to other solutions that are out there.

    • lud@lemm.ee
      8 months ago

      At least it’s more readable than Bash.

      Although that’s not much of an accomplishment.

    • catsup@lemmy.one
      8 months ago

      OP was trying to get the information for a hard disk in their computer, but after running a command it looks like the serial number for that disk is 💙B

    • icanwatermyplants@reddthat.com
      8 months ago

      The humor is in the amount of hoops to jump through to get some basic info out using Powershell. Under Linux one would use a single command or just check what the system exposes in the form of a file.

      I have no idea how to do forensics under Windows to be honest. You’d probably have to write something to get to the block layer so it can be dumped and analyzed. Perhaps OP can amuse us how he went about it.

      • lud@lemm.ee
        8 months ago

        It’s just one command with a bunch of selects, you could probably just run the first part. I can try it myself later.

        There is a lot of software that forensics can use. I don’t know how common Windows is, but considering its usage for everything else in companies and governments, I wouldn’t be surprised if forensics use primarily Windows.