L. Frequently Asked Questions - Asymmetric-InfoSec/Power-Response GitHub Wiki

What is the difference between plugin types?

Ultimately, the naming convention mostly helps analysts understand how data is being collected from remote machines. In short, Collect plugins retrieve data only, Retrieve plugins retrieve artifacts, and Triage plugins collect multiple plugins' worth of data in a single plugin. Hunt, Scope, and Eradicate plugins use a combination of the methods above to achieve their respective goals.

Can Power-Response be used against offline images?

Not at this time. Power-Response was created to support live incident response and hunting scenarios. We recommend using tools like KAPE, or other tools consolidated in the SIFT Workstation, to perform offline analysis.

Does Power-Response work on Linux machines?

As of right now, probably not. We have included Linux support on our roadmap for when PowerShell 7 hits mainstream release, since that should have full backwards compatibility with all PowerShell versions, including 5.1 and Core 6.0.