Use -ComputerName [TARGET] to analyze shells on a remote target endpoint.
Use -ProcDump [DumpPath] to analyze a process dump file (Conhost or Shell).
Use -Deep to scan the shell process itself for any remaining data (expect false positives).
Use -ProcessID [PID] to analyze a specific (Conhost or Shell) process; omit the flag to scan all processes automatically.
Supports PowerShell v2.0 and above
Remote WinRM capabilities