I am trying to create two forensic scripts, one for physical access to the machine, but the more important one is a network-based script. FYI, I have admin rights to the computers on the network. I would like this to be more of a helping situation and not just "here is the answer".
I have found this article from IronGeek that gives certain locations in Windows that should contain relevant information, but I can't find the folders or reg keys he mentions:
Here is a brief description of the script I want to write:
input for user's username
input for hostname
Menu asking if the machine is Windows 7, XP
Menu asking what to pull, such as Web, recent files, ALL, etc...
From there I would want the script to collect the data and then map a drive and transfer it to my machine and delete the files created on the user's machine.
If you know of any good spots in Windows 7 or XP (more XP since we are currently 99% XP but will be moving to 7 soon), please let me know where to get the information and what it pertains to.
Thank you everybody for your help.