Releases: BetaHydri/RDP-Forensic

v2.2.2

27 May 11:23

[v2.2.2]

v2.2.1

27 May 10:47

[v2.2.1]

v2.2.0

27 May 10:10

[v2.2.0]

Added

  • Added -DomainController parameter to query specific Domain Controller(s)
    for Kerberos (4768-4772) and NTLM (4776) pre-authentication events remotely.
  • Added -AllDomainControllers switch to query ALL DCs in the domain for
    complete pre-authentication event coverage.
  • Added automatic secure channel DC discovery via nltest /sc_query when
    -IncludeCredentialValidation is used without explicit DC parameters.
  • Added WinRM (Invoke-Command) transport with automatic RPC/DCOM fallback
    for Domain Controller event queries.
  • Added DC hostname in parsed event Details for traceability.
  • Added DC target display in analysis header output.
  • Added Get-RDPForensics.DomainController.Tests.ps1 test file with
    comprehensive parameter, parsing, and compatibility tests.
  • Added scenarios 19-21 to Examples.ps1 for DC query workflows.

Changed

  • -IncludeCredentialValidation no longer requires running on a Domain
    Controller. The tool now queries DCs remotely from any Terminal Server.
  • -DomainController and -AllDomainControllers implicitly enable
    -IncludeCredentialValidation.
  • Updated KERBEROS_NTLM_AUTHENTICATION.md documentation to reflect
    remote DC query capability and removed DC-only constraint.
  • Updated GETTING_STARTED.md and QUICK_REFERENCE.md with new
    DC query parameters and examples.

v2.1.3

31 Mar 22:30
72a3df4

[v2.1.3]

v2.1.2-preview0001

31 Mar 22:04
72a3df4

v2.1.2-preview0001 Pre-release

[v2.1.2-preview0001]

v2.1.1

31 Mar 21:03
3a94981

Changed

  • Increased code coverage from ~26% to ~74% with comprehensive mock-based Pester tests for all internal parsing functions of Get-RDPForensics

Coverage Improvements

Function                        Before   After
Get-RDPForensics                59.9%    98.3%
Get-CorrelatedSessions          11.7%    97.8%
Get-RDPConnectionAttempts       29.0%    96.8%
Get-RDPSessionEvents            68.8%    93.8%
Get-RDPLogoffEvents             26.0%    90.4%
Get-RDPLockUnlockEvents         18.0%    88.0%
Get-RDPSessionReconnectEvents   17.0%    86.8%
Get-OutboundRDPConnections      31.0%    86.2%
Get-RDPAuthenticationEvents      8.7%    83.9%

Full Changelog: v2.1.0...v2.1.1

v2.1.0

31 Mar 20:36

Changes

Changed

  • Renamed Get-CurrentRDPSessions to Get-RDPCurrentSessions to follow PowerShell verb-noun naming conventions and align with the module prefix pattern - BREAKING CHANGE
  • Refactored Get-RDPForensics with modular internal functions: Get-CorrelatedSessions, Get-RDPConnectionAttempts, Get-RDPAuthenticationEvents, Get-RDPSessionEvents, Get-RDPLockUnlockEvents, Get-RDPSessionReconnectEvents, Get-RDPLogoffEvents, and Get-OutboundRDPConnections
  • Updated all documentation, examples, integration tests, and references

Added

  • Added -ShowProcesses parameter to Get-RDPCurrentSessions to display running processes per session
  • Added -Watch and -RefreshInterval parameters for continuous monitoring mode
  • Added -LogPath parameter for session logging

Full Changelog: v2.0.0...v2.1.0

v2.0.1-preview0001

31 Mar 20:35
9133917

v2.0.1-preview0001 Pre-release

[v2.0.1-preview0001]

v2.0.0

31 Mar 19:51

[v2.0.0]

Added

  • For new features.

Changed

  • For changes in existing functionality.

Deprecated

  • For soon-to-be removed features.

Removed

  • For now removed features.

Fixed

  • For any bug fix.

Security

  • In case of vulnerabilities.

v0.2.0-preview0002

31 Mar 19:36

v0.2.0-preview0002 Pre-release

[v0.2.0-preview0002]

Added

  • For new features.

Changed

  • For changes in existing functionality.

Deprecated

  • For soon-to-be removed features.

Removed

  • For now removed features.

Fixed

  • For any bug fix.

Security

  • In case of vulnerabilities.