From 511818424450c63f90a693031d399500bcf04189 Mon Sep 17 00:00:00 2001
From: Alexander Knorr <opex@gmx.ch>
Date: Wed, 9 Nov 2016 14:31:19 +0100
Subject: [PATCH] Create PowerforensicsInstall.ps1

PowerforensicsInstall
---
 PowerforensicsInstall.ps1 | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 PowerforensicsInstall.ps1

diff --git a/PowerforensicsInstall.ps1 b/PowerforensicsInstall.ps1
new file mode 100644
index 0000000..e689dd0
--- /dev/null
+++ b/PowerforensicsInstall.ps1
@@ -0,0 +1,24 @@
+# Make sure the module is not loaded
+Remove-Module Powerforensics -ErrorAction SilentlyContinue
+# Download latest version
+$webclient = New-Object System.Net.WebClient
+$url = "https://github.com/Invoke-IR/PowerForensics/archive/master.zip"
+Write-Host "Downloading latest version of Powerforensics from $url" -ForegroundColor Cyan
+$file = "$($env:TEMP)\Powerforensics.zip"
+$webclient.DownloadFile($url,$file)
+Write-Host "File saved to $file" -ForegroundColor Green
+# Unblock and Decompress
+Unblock-File -Path $file
+$targetondisk = "$([System.Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell\Modules"
+New-Item -ItemType Directory -Force -Path $targetondisk | out-null
+$shell_app=new-object -com shell.application
+$zip_file = $shell_app.namespace($file)
+Write-Host "Uncompressing the Zip file to $($targetondisk)" -ForegroundColor Cyan
+$destination = $shell_app.namespace($targetondisk)
+$destination.Copyhere($zip_file.items(), 0x10)
+# Rename and import
+Write-Host "Renaming folder" -ForegroundColor Cyan
+Rename-Item -Path ($targetondisk+"\Powerforensics-master") -NewName "Powerforensics" -Force
+Write-Host "Module has been installed" -ForegroundColor Green
+Import-Module -Name Powerforensics
+Get-Command -Module Powerforensics