Found while doing forensics on some rediscovered loose flash drives.
lsusb
Look what they need to mimic a fraction of our power.
Text Based OS > Object Based OS
Everything that is wrong with PowerShell in my opinion is driven by the Object Oriented nature of Windows as an OS.
Since everything in Linux is text, grep is king.
Also lots of command line tools have a flag to output json, and then you can do everything powershell can
Don’t you think immediately getting the property you’re interested in from an object is easier and more readable than first grepping some output to get the line you want and then removing the leading and trailing garbage on that line manually?
I thing PS scripting would be much more fun if the words weren’t so annoyingly long.
first grepping some output to get the line you want and then removing the leading and trailing garbage on that line manually
That’s not what we do, though. Give me a more concrete example, and I’ll let you know how I would expect to do it in a nix environment. I’d be curious to compare. Since I have zero experience with powershell, I am not really sure what to expect. The couple times I’ve glanced at a powershell script it looked awful, but I could be falling into Paul Graham’s blub paradox there. OK, I don’t think so, but maybe.
I’ve always been particularly revolted by powershell syntax and utilities
It’s from the beginning meant to be fully scripted though. You’re not supposed to be putting in these commands manually, it’s meant to be used in an environment where the 5-50 commands you or your company needs constantly have aliases and script files defined and on PATH.
Yes, if it was as object based as it claims, Get-WmiObject would subtract WmiObject from Get. Instead it is like having all the clutchy drawbacks from being object based without reaping any of the potential bemefits.
If you want anything that actually is object based, just use xon.sh - sane and familiar syntax with insane amounts of power just like that
Get-Disk would have sufficed here, no real need to use WMI here. That said, you would still need to filter USB device and select properties you want to retrieve.
And unrelated, but if WMI class needs to be queried, Get-CimInstance is the preferred method instead of Get-WmiObject for quite some time.
Please explain for a dummy.
The humor is in the amount of hoops to jump through to get some basic info out using Powershell. Under Linux one would use a single command or just check what the system exposes in the form of a file.
I have no idea how to do forensics under Windows to be honest. You’d probably have to write something to get to the block layer so it can be dumped and analyzed. Perhaps OP can amuse us how he went about it.
It’s just one command with a bunch of selects, you could probably just run the first part. I can try it myself later.
There are a lot of software that forensics can use, I don’t know how common windows is but considering its usage for everything else in companies and governments, I wouldn’t be surprised if forensics use primarily Windows.
Microsoft products in this area are weird to me. Like C#, Powershell is great on one hand yet annoying and more difficult to rangle on the other compared to other solutions that are out there.