Question 1

How to install Meerkat without using Git?

Accepted Answer

You can install Meerkat via PowerShell by downloading the master.zip from GitHub and extracting it to the PowerShell modules directory, as detailed in the README's 'Install with PowerShell' section. This method is useful for systems where Git isn't available.

Question 2

Meerkat vs Kansa for Windows forensics?

Accepted Answer

Meerkat focuses on agentless collection via PowerShell remoting with a lightweight footprint, while Kansa is a broader incident response framework that often requires more setup. Meerkat is better for quick, one-off scans, but Kansa might offer more advanced modules and community scripts.

Question 3

Does Meerkat work on Windows Server 2012?

Accepted Answer

Yes, Meerkat requires PowerShell 3.0 or higher on target systems, which is available on Windows Server 2012. However, you may need to enable WinRM and ensure administrative access for full functionality.

Question 4

How to schedule Meerkat scans across multiple hosts?

Accepted Answer

Use the provided Meerkat-Task.ps1 script with Scheduled Tasks, as outlined in the README. You'll need to configure managed service accounts and ensure WinRM is enabled on remote hosts, which can involve complex troubleshooting steps.

Question 5

Can Meerkat export data to JSON instead of CSV?

Accepted Answer

The README mentions standardized output that can easily support JSON, but by default, it exports to CSV. You might need to modify the scripts or use PowerShell cmdlets to convert the output, as it's built for flexibility.

Question 6

What permissions are needed for remote scanning with Meerkat?

Accepted Answer

Remote scanning requires an account with local administrative privileges on the target system and WinRM enabled. The README's troubleshooting section details tests to verify permissions and connectivity.

Meerkat

What is Meerkat?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions