Skip to content

IllusiveNetworks-Labs/Get-NetworkConnection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Get-NetworkConnection.ps1
Get-NetworkConnection.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Get-NetworkConnection

Get-NetworkConnection is a PowerShell script used to return current TCP and UDP connections, originally developed by Lee Christensen (@tifkin_)
This is an edited version of the script which also includes a Timestamp for each connection.

Additional reading material on the addition of timestamps evidence to the tool, can be found in our blog - Why and How to Extract Network Connection Timestamps for DFIR Investigations.

How to use

Usage: Get-NetworkConnection

Example

alt tag

Author

Hadar Yudovich

License

This project is licensed under the BSD 3-clause license - see the LICENSE file for details

Contributors

Original Developers:

  • Lee Christensen (@tifkin_)
  • Matthew Graeber (@mattifestation)

Illusive Networks Research team members:

  • Dolev Ben Shushan
  • Tom Kahana
  • Tom Sela

About

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

blog.illusivenetworks.com/tech/why-and-how-to-extract-network-connection-timestamps-for-dfir-investigations

Topics

timeline netstat dfir timestamp

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

35 stars

Watchers

8 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages