diogo-fernan / ir-rescue

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Update bat for live parsing #7

Closed nwf9 closed 2 years ago

nwf9 commented 5 years ago

Hi Diogo,

Is it possible to update your batch script to include the live command capabilities for Eric Zimmerman tools like MFT, Amcache and so on?

diogo-fernan commented 5 years ago

Hey there,

What do you mean by live command capabilities? To provide support for customization of command parameters for the tools of Eric Zimmerman and possibly others?

Cheers

nwf9 commented 5 years ago

I mean live response instead of collecting all those artifacts.

diogo-fernan commented 5 years ago

That would be a new tool entirely that falls out of the scope of batch forensics that this utility was written for. Have a look at https://github.com/google/grr for a live forensics tool.

nwf9 commented 5 years ago

I’m not talking about an agent but only an improvement of this script to handle the locked files instead of grabbing something.