Question 1

How to securely install Invoke-LiveResponse in a locked-down environment?

Accepted Answer

Avoid the one-liner install; instead, manually download the module from GitHub, review the scripts for safety, and place them in the PowerShell profile after approval. Always follow organizational security protocols for script execution.

Question 2

What's the difference between Invoke-LiveResponse and the Kansa Framework?

Accepted Answer

Invoke-LiveResponse is inspired by Kansa but adds integrated memory acquisition via WinPMem and reflective loading of Powerforensics for raw disk access in ForensicCopy mode, whereas Kansa is more general-purpose for script execution without these specific forensic features.

Question 3

Can Invoke-LiveResponse collect memory dumps on Windows Server 2016?

Accepted Answer

Yes, as long as WinPMem is compatible, Invoke-LiveResponse can acquire memory dumps on Windows Server 2016 and other supported Windows versions through the ForensicCopy mode, leveraging WinPMem integration.

Question 4

How do I run Invoke-LiveResponse over WinRM?

Accepted Answer

Ensure WinRM is enabled on the target machine, then use the module with appropriate switches to specify the remote computer. The README notes it was originally designed for WinRM, allowing remote execution without local access.

Question 5

What forensic artifacts does Invoke-LiveResponse collect by default?

Accepted Answer

In ForensicCopy mode, it collects common artifacts like event logs and registry hives using Powerforensics, plus custom files based on switches. The exact list depends on the configured functions in the scriptblock assembly.

Question 6

Is Invoke-LiveResponse compatible with PowerShell Core 7?

Accepted Answer

The README states support for PowerShell 2.0+ on Windows, but since PowerShell Core is cross-platform and may have differences, compatibility is not guaranteed. It's primarily tested with Windows PowerShell, so users should verify functionality in their environment.

Invoke-LiveResponse

What is Invoke-LiveResponse?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions