CyberGirl74/Incident-Response-PowerShell-Lab

GitHub: CyberGirl74/Incident-Response-PowerShell-Lab

A beginner cybersecurity teaching project that practices PowerShell command-line operation and incident response documentation skills through a simulated incident investigation scenario.

Stars: 0 | Forks: 0

# Incident Response PowerShell Lab

## Overview

This hands-on lab demonstrates foundational PowerShell skills used in cybersecurity and IT operations. The goal is to practice navigating directories, creating files, recording findings, and managing evidence using only the command line.

## Skills Practiced

- PowerShell navigation
- Creating directories
- Creating files
- Editing files
- Verifying files
- Incident documentation
- Basic cybersecurity reporting

## Commands Used

```
mkdir investigations
cd investigations
New-Item incident1.txt -ItemType File
New-Item incident2.txt -ItemType File
New-Item incident3.txt -ItemType File
ls
notepad incident1.txt
cat incident1.txt
```

## Investigation Scenario

During a Wireshark network traffic investigation, unusual mDNS broadcasts were observed originating from my LG Smart TV on the local network. The device repeatedly advertised AirPlay services and broadcast information identifying its location as the living room. This activity was documented as part of a simulated incident response investigation.

## Findings

- LG Smart TV repeatedly announced itself using mDNS
- AirPlay services were advertised on the local network
- Device location information was visible in network broadcasts
- Evidence was documented using PowerShell-created incident files

## Lessons Learned

This lab reinforced several important cybersecurity concepts:

- Command-line proficiency is essential for cybersecurity professionals
- Documentation is a critical part of incident response
- Smart devices generate significant background network traffic
- PowerShell can be used to organize investigations and evidence
- Troubleshooting errors is a normal part of learning technical skills

### Error Encountered

During this lab I attempted to open files by typing:

```
evidence.txt
notes.txt
suspicious.log
```

PowerShell returned CommandNotFound errors because it interpreted the filenames as commands.

### Solution

I learned to use `Get-Content filename.txt` to read file contents and `notepad filename.txt` to edit files. This troubleshooting process helped reinforce how PowerShell handles commands versus files.

## Screenshots

### Creating Files and Evidence

![Creating Files](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/d888fb3185070251.png)

### Troubleshooting PowerShell Errors

![PowerShell Errors](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/9d9f109dac070258.png)

### Reviewing Investigation Notes

![Investigation Notes](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/0af969fe3b070304.png)

### Creating Incident Reports

![Incident Reports](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/a1460f30c0070309.png)

### Final Investigation Findings

![Final Findings](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/8651b09acb070314.png)

## Author

Shauna "Storm" Davis
Cyber & Data Security Technology Student
Future CISO | Cybersecurity Enthusiast | Lifelong Learner
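As an added example (not part of the original lab), the following PowerShell script automates the same workflow: it creates the `investigations` folder and incident files, appends timestamped notes, reads them back with `Get-Content` instead of a bare filename, and adds an evidence-integrity check with `Get-FileHash`. The folder layout under the current directory, the `evidence-hashes.txt` manifest name, and the two helper function names are assumptions chosen for illustration.

```powershell
# Added example (not the lab's own code): build the case folder, record
# timestamped findings, and verify evidence integrity with SHA-256 hashes.
# Folder layout, manifest name and function names are assumptions.
$CaseRoot = Join-Path $PWD 'investigations'
New-Item -Path $CaseRoot -ItemType Directory -Force | Out-Null

# Create the three incident files the lab uses, without overwriting notes
# already taken if the script is run again.
foreach ($n in 1..3) {
    $f = Join-Path $CaseRoot "incident$n.txt"
    if (-not (Test-Path $f)) { New-Item -Path $f -ItemType File | Out-Null }
}

# Append a UTC-timestamped entry; appending preserves the order of observations.
function Add-IncidentNote {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Note
    )
    $stamp = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
    Add-Content -Path $Path -Value "[$stamp] $Note"
}

$incident1 = Join-Path $CaseRoot 'incident1.txt'
Add-IncidentNote -Path $incident1 -Note 'Wireshark: repeated mDNS broadcasts from LG Smart TV'
Add-IncidentNote -Path $incident1 -Note 'Device advertised AirPlay and room name "living room"'

# Read the notes back with Get-Content; typing the bare filename would make
# PowerShell look for a command of that name (the CommandNotFound error).
Get-Content -Path $incident1

# Write a SHA-256 manifest of every evidence file so later changes are detectable.
$manifest = Join-Path $CaseRoot 'evidence-hashes.txt'
Get-ChildItem -Path $CaseRoot -Filter 'incident*.txt' |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { "$($_.Hash)  $(Split-Path $_.Path -Leaf)" } |
    Set-Content -Path $manifest

# Recompute each hash and compare it with the manifest; returns $true if intact.
function Test-EvidenceIntegrity {
    param([string] $ManifestPath, [string] $Folder)
    $ok = $true
    foreach ($line in Get-Content -Path $ManifestPath) {
        $hash, $name = $line -split '\s+', 2
        $current = (Get-FileHash -Path (Join-Path $Folder $name) -Algorithm SHA256).Hash
        if ($current -ne $hash) { Write-Warning "Modified since manifest: $name"; $ok = $false }
    }
    return $ok
}
Test-EvidenceIntegrity -ManifestPath $manifest -Folder $CaseRoot
```

Running it twice shows the append behaviour (the second run adds two more timestamped lines to `incident1.txt`) and the integrity check then reports `$true` again only because the manifest is rewritten after the notes are added.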
Tags: AI compliance, IPv6, PowerShell, security lab, security operations, library, incident response, scanning framework