diogo-fernan / ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Extending Functionality #11

Open fmurer opened 5 years ago

fmurer commented 5 years ago

Added the following extractions:

diogo-fernan commented 5 years ago

Please comply with the provided coding structure and variables. BASEDIR is not required. Tool counters (it and itt) are not being updated to reflect the changes either.

fmurer commented 5 years ago

I added BASEDIR for the SBECmd.exe, because it did not recognise the relative path. I think it went from C:\Windows\System32\ as it runs as Administrator.

I forgot to increment the counters. Could you briefly explain how they differ?

diogo-fernan commented 5 years ago

The counters itt and it respectively reflect the number of individual tools run and the number of groups (containing a header) of tools. BASEDIR is not required and WMI cannot be used as per the requirements of the project. Please read the description of the tool.