I would like to create a forensic script for windows
Hi,
I am trying to create two forensic scripts, one for physical access to the machine, but the more important one is a network based script. FYI have admin rights to the computers on the network. I would like this to be more of a helping situation and not just here is the answer.
I have found this article from IronGeek that gives certain locations in windows that should contain relevant information, but can't find the folders or reg keys he mentions:
http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
Here is a brief description of the script i want to write:
input for users username
input for hostname
Menu asking if the machine is windows 7,XP
Menu asking what to pull, such as Web, recent files, ALL, etc...
From there I would want the script to collect the data and then map a drive and transfer it to my machine and delete the files created on the users machine.
If you know of any good spots in windows 7 or XP(more XP since we are currently 99% XP but will be moving to 7 soon) please let me know where to get the information and what it pertains to.
Thank you everybody for your help.
I am trying to create two forensic scripts, one for physical access to the machine, but the more important one is a network based script. FYI have admin rights to the computers on the network. I would like this to be more of a helping situation and not just here is the answer.
I have found this article from IronGeek that gives certain locations in windows that should contain relevant information, but can't find the folders or reg keys he mentions:
http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
Here is a brief description of the script i want to write:
input for users username
input for hostname
Menu asking if the machine is windows 7,XP
Menu asking what to pull, such as Web, recent files, ALL, etc...
From there I would want the script to collect the data and then map a drive and transfer it to my machine and delete the files created on the users machine.
If you know of any good spots in windows 7 or XP(more XP since we are currently 99% XP but will be moving to 7 soon) please let me know where to get the information and what it pertains to.
Thank you everybody for your help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.