{"id":2807,"date":"2014-02-17T16:49:25","date_gmt":"2014-02-17T16:49:25","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2014\/02\/17\/powershell-in-forensic-investigations\/"},"modified":"2025-07-29T16:06:34","modified_gmt":"2025-07-29T15:06:34","slug":"powershell-in-forensic-investigations","status":"publish","type":"post","link":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/","title":{"rendered":"PowerShell in Forensic Investigations"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2807\" class=\"elementor elementor-2807\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d2e2853 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d2e2853\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-352704f3\" data-id=\"352704f3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-75d790e4 elementor-widget elementor-widget-text-editor\" data-id=\"75d790e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">This is meant to be a short post about PowerShell as an aid in forensic investigations. 
We will not dive into what a proper forensic investigation looks like; we will just assume that somehow we have access to the compromised machine (a Windows Server 2012 R2 VM was used for our tests), or a copy of it, and will be showcasing some nice features of PowerShell that can be quite useful and will hopefully help us discern what happened in the compromised system. This is not meant to be an introduction to PowerShell either; basic knowledge of it is assumed.<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">When we face a breach in our systems, we want to retrieve as much information as possible to help us build a timeline of the intrusion, and hopefully figure out how the attackers gained access to our system and what parts of it they had access to. For this purpose, PowerShell can prove very useful. Windows has integrated it into its newest operating systems, and it has steadily become Microsoft&#8217;s preferred method for managing their core products. For example, the latest versions of Exchange, SharePoint, and even Windows Server 2012 can be managed almost entirely via PowerShell. In fact, many of the GUI management tools Microsoft provides for these applications are simply performing PowerShell operations in the background.<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">Without further ado, let\u2019s get down to business. 
A number of PowerShell cmdlets are described below that will help you get vital information from the compromised system.<\/p>\n<h3><b>Network Information<\/b><\/h3>\n<p>PowerShell provides a complete set of network-related cmdlets (<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/hh826123.aspx\" style=\"color: rgb(0, 102, 182); text-decoration: none;\">https:\/\/technet.microsoft.com\/en-us\/library\/hh826123.aspx<\/a>). Some of them can be really useful for our topic:<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&#8211;&nbsp;<u>Get-NetTCPConnection:<\/u>&nbsp;\u201cThe Get-NetTCPConnection cmdlet gets current TCP connections. Use this cmdlet to view TCP connection properties such as local or remote IP address, local or remote port, and connection state.\u201d<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">The following example lists all the established TCP connections in our system:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-NetTCPConnection -State Established<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 
24px;\">&nbsp;<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&#8211;&nbsp;<u>Get-NetRoute:<\/u>&nbsp;\u201cThe Get-NetRoute cmdlet gets IP route information from the IP routing table, including destination network prefixes, next hop IP addresses, and route metrics.\u201d<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><b>System Processes<\/b><\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&#8211;&nbsp;<u>Get-Process:<\/u>&nbsp;\u201cThe Get-Process cmdlet gets the processes on a local or remote computer. By default, Get-Process returns a process object that has detailed information about the process and supports methods that let you start and stop the process. 
You can also use the parameters of Get-Process to get file version information for the program that runs in the process and to get the modules that the process loaded.\u201d<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">In the following example, all the active processes are shown:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-Process<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&nbsp;<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">If we wanted to get more detailed information about one of these processes, e.g. \u201cwlms\u201d, we could do that by just appending the process name to the command, and then passing the data to the Format-List cmdlet, which displays all available properties (*) of the \u201cwlms\u201d process object.<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-Process wlms | Format-List *<\/code><\/div>\n<h3 style=\"margin: 0.5em 0px; 
color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><p><b>Windows Event Logs<\/b><\/p>&#8211;&nbsp;<u>Get-EventLog:<\/u>&nbsp;\u201cThe Get-EventLog cmdlet gets events and event logs on the local and remote computers.\u201d<\/h3>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">In the following example we first get a list of all the available event logs by using the \u201c-list\u201d flag:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-EventLog -list<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&nbsp;<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">We can use this list to retrieve the name of the available events and pass them again to \u201cGet-EventLog\u201d and thus get the actual logs:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-EventLog -list | %{ Get-EventLog 
$_.Log}<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&nbsp;<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&#8211;&nbsp;<u>Get-WinEvent:<\/u>&nbsp;\u201cThe Get-WinEvent cmdlet gets events from event logs, including classic logs, such as the System and Application logs, and the event logs that are generated by the Windows Event Log technology introduced in Windows Vista. It also gets events in log files generated by Event Tracing for Windows (ETW).\u201d<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">The use of this cmdlet is very similar to the one shown before, but it also includes event logs generated by the newest versions of Windows. 
The following command can be used to list the Security, Application and System event logs:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-WinEvent -LogName \"Security\",\"System\",\"Application\"<\/code><\/div>\n<h3 style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><p><b>Users and Groups<\/b><\/p>&#8211;&nbsp;<u>Get-ADUser:<\/u>&nbsp;\u201cThe Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects.\u201d<\/h3>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">The following example lists all the available users in the domain:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-ADUser -Filter *<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">&nbsp;<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 
24px;\">&#8211;&nbsp;<u>Get-ADGroup:<\/u>&nbsp;\u201cThe Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory.\u201d<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">In the example below we can see how to use this cmdlet to get a list of all the groups in the domain:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\&gt; Get-ADGroup -Filter *<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">Combining the previous cmdlets with some PowerShell magic it is possible to get a nice list of AD groups with their members:<\/p>\n<div class=\"codeblock\" style=\"padding: 5px; border: 1px solid rgb(204, 204, 204); color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px; background-color: rgb(238, 238, 238);\"><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\ &gt; ForEach ($Group in (Get-ADGroup -Filter *)) { Get-ADGroupMember $Group | Select @{Label=\"Group\";Expression={$Group.Name}},Name,SamAccountName }<\/code><\/div>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><h3><b>Start-Up Processes<\/b><\/h3>Another useful thing to 
remember when carrying out a forensic investigation is to check for strange start-up processes (in the example below, services configured to start automatically). This can be easily done with \u201cGet-CimInstance\u201d and its ability to access CIM instances of a class from a CIM server.<br><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\ &gt; Get-CimInstance win32_service -Filter \"startmode = 'auto'\"<\/code><\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><b>Recently Modified Files<\/b><br>Using \u201cGet-ChildItem\u201d we can retrieve the items and child items in one or more specified locations. By doing so recursively and then applying a filter to the modified date of the file, it is possible to get a list of files modified within a certain period of time; the following example uses the last 7 days:<br><code style=\"font-family: 'Courier New', 'DejaVu Sans Mono', monospace, sans-serif; font-size: 1em; line-height: 1.5em;\">PS C:\\ &gt; Get-ChildItem -Recurse C:\\ | ? {$_.lastwritetime -gt (Get-Date).AddDays(-7)}<\/code><\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\"><b>Miscellaneous<\/b><br>PowerShell has a very interesting and relatively new management platform called WinRM. From a PowerShell standpoint, WinRM provides the platform that allows for running PowerShell commands directly on remote machines. WinRM is included by default on Vista and higher, and can be installed on XP and Server 2003 R2. However, the WinRM service is not running by default on workstation platforms (Vista\/7\/8), though it is started automatically on Server 2008 and 2012. 
For more information please refer to the official documentation.<\/p>\n<p style=\"margin: 0.5em 0px; color: rgb(0, 0, 0); font-family: frutiger-lt-45-light1, Verdana, Geneva, Arial, helvetica, sans-serif; font-size: 14px; line-height: 24px;\">Another point to mention is that PowerShell provides multiple cmdlets to export the output of its commands and store them in a convenient way. Some of these cmdlets are:<br>&#8211;&nbsp;<u>\u201cExport-Csv\u201d:<\/u>&nbsp;<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/ee176825.aspx\" style=\"color: rgb(0, 102, 182); text-decoration: none;\">https:\/\/technet.microsoft.com\/en-us\/library\/ee176825.aspx<\/a><br>&#8211;&nbsp;<u>\u201cExport-Clixml\u201d:<\/u>&nbsp;<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/ee176824.aspx\" style=\"color: rgb(0, 102, 182); text-decoration: none;\">https:\/\/technet.microsoft.com\/en-us\/library\/ee176824.aspx<\/a><br>&#8211;&nbsp;<u>\u201cOut-File\u201d:<\/u>&nbsp;<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/ee176924.aspx\" style=\"color: rgb(0, 102, 182); text-decoration: none;\">https:\/\/technet.microsoft.com\/en-us\/library\/ee176924.aspx<\/a><\/p>\n<p>To summarize, PowerShell is a growing and evolving technology that can provide users with very powerful features. In this blog entry we have quickly gone through some useful cmdlets that PowerShell brings and that hopefully will help in our forensic investigations.<\/p>\n<p><br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>This is meant to be a short post about PowerShell as an aid in forensic investigations. 
We will not dive into what a proper forensic investigation looks like, we will just assume that somehow we have access to the compromised machine (a Windows Server 2012 R2 VM was used for our tests) -or a copy [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23888,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[213],"class_list":["post-2807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","tag-forensics","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PowerShell in Forensic Investigations<\/title>\n<meta name=\"description\" content=\"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident response.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PowerShell in Forensic Investigations\" \/>\n<meta property=\"og:description\" content=\"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident response.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" 
content=\"2014-02-17T16:49:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-29T15:06:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"PowerShell in Forensic 
Investigations\",\"datePublished\":\"2014-02-17T16:49:25+00:00\",\"dateModified\":\"2025-07-29T15:06:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/\"},\"wordCount\":1036,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1\",\"keywords\":[\"forensics\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/\",\"name\":\"PowerShell in Forensic Investigations\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1\",\"datePublished\":\"2014-02-17T16:49:25+00:00\",\"dateModified\":\"2025-07-29T15:06:34+00:00\",\"description\":\"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident 
response.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1\",\"width\":2048,\"height\":1280},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/powershell-in-forensic-investigations\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PowerShell in Forensic Investigations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#website\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual 
World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.com\\\/en-us\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach 
Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PowerShell in Forensic Investigations","description":"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident response.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/","og_locale":"en_US","og_type":"article","og_title":"PowerShell in Forensic Investigations","og_description":"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident response.","og_url":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2014-02-17T16:49:25+00:00","article_modified_time":"2025-07-29T15:06:34+00:00","og_image":[{"width":2048,"height":1280,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","type":"image\/jpeg"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach Admin","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8"},"headline":"PowerShell in Forensic Investigations","datePublished":"2014-02-17T16:49:25+00:00","dateModified":"2025-07-29T15:06:34+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/"},"wordCount":1036,"publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"image":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","keywords":["forensics"],"articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/","url":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/","name":"PowerShell in Forensic Investigations","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#primaryimage"},"image":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","datePublished":"2014-02-17T16:49:25+00:00","dateModified":"2025-07-29T15:06:34+00:00","description":"Explore how PowerShell can support forensic investigations by enabling efficient evidence collection, analysis, and incident 
response.","breadcrumb":{"@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#primaryimage","url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","contentUrl":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","width":2048,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/en-us\/powershell-in-forensic-investigations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/en-us\/"},{"@type":"ListItem","position":2,"name":"PowerShell in Forensic Investigations"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/en-us\/#website","url":"https:\/\/dionach.com\/en-us\/","name":"Dionach","description":"Real Security in a Virtual 
World","publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.com\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach 
Admin"}}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/07\/AdobeStock_178545871.jpeg?fit=2048%2C1280&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-Jh","_links":{"self":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/comments?post=2807"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2807\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media\/23888"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media?parent=2807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/categories?post=2807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/tags?post=2807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}