:rocket: PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
if you collect the informations from a remote system, most of the data is useless because the script is reading informations from the current security context which is of course my own remote login and not the user currently logged on the infected computer. To do a good and full investigation it would be important to get informations about the user who triggered the infection...