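::==========================================================
:: Elliot Mason - Computer Forensics - Lab 02
:: Computer Information Collection Script
::
:: Collects configuration and volatile state from a Windows host into
:: three text reports (system, users, network) inside a folder named
:: after the run date, then writes a SHA-256 digest of each report next
:: to it. Run from an elevated cmd.exe: several collectors (schtasks,
:: driverquery, fsutil) return partial output without it, and the
:: elevation state is recorded in the report so the reader knows.
:: Output goes to the current working directory, so start the script from
:: the collection media rather than from the examined host's own disk.
::==========================================================
:: Set script variables here
@echo off
SET separator=========================================================
SET SystemInfo="System_Info.txt"
SET SystemInfoHash="System_Info_Hash.txt"
SET SystemUsers="System_Users.txt"
SET SystemUsersHash="System_Users_Hash.txt"
SET SystemNetwork="System_Network.txt"
SET SystemNetworkHash="System_Network_Hash.txt"
::=========================================================
:: Create the report output files
:: Make folder for output, named DD-MM-YYYY.
:: NOTE: the substring offsets assume the en-US %date% layout
:: "Ddd MM/DD/YYYY"; on other locales the folder name comes out differently.
:: The dashes are no longer wrapped in quotes: cmd strips those for its
:: internal mkdir/chdir, but quotes are not valid in file names and would
:: break if the value were ever handed to an external tool.
SET currentDate=%date:~-7,2%-%date:~-10,2%-%date:~-4,4%
mkdir "%currentDate%"
:: Stop rather than scatter the reports into whatever directory we happen
:: to be in if the output folder cannot be entered.
chdir "%currentDate%" || (
    echo Cannot enter output folder "%currentDate%" >&2
    exit /b 1
)
:: create a folder w/ hour:min
REM SET currentTime=%time:~0,2%.%time:~3,2%
REM mkdir %currentTime%
REM chdir %currentTime%
::==========================================================
:: General Info Generation and file creation
:: - collection timestamp and privilege level
:: - system time and date + timezone
:: - OS version info
:: - Memory, HDD, mounted fs
:: - startup applications
:: Each collector's stderr is redirected into the report too, so an
:: "Access is denied" or a missing tool shows up in the evidence instead of
:: being lost on the console.
::
:: "net session" only succeeds in an elevated shell, which makes it a
:: cheap elevation probe.
net session >nul 2>&1 && (SET elevated=yes) || (SET elevated=no)
call :section_start "Collection run" %SystemInfo%
echo Collected: %date% %time% >> %SystemInfo%
echo Elevated: %elevated% >> %SystemInfo%
echo User: %USERNAME%  Host: %COMPUTERNAME% >> %SystemInfo%
call :section_end %SystemInfo%

call :section_start "systeminfo" %SystemInfo%
systeminfo >> %SystemInfo% 2>&1
call :section_end %SystemInfo%
:: Startup applications
call :section_start "Startup Applications - wmic startup get caption,command" %SystemInfo%
wmic startup get caption,command >> %SystemInfo% 2>&1
call :section_end %SystemInfo%

call :section_start "schtasks /query" %SystemInfo%
schtasks /query >> %SystemInfo% 2>&1
call :section_end %SystemInfo%

call :section_start "Running Processes - tasklist" %SystemInfo%
tasklist >> %SystemInfo% 2>&1
call :section_end %SystemInfo%

call :section_start "Mounted Disks - fsutil fsinfo drives" %SystemInfo%
fsutil fsinfo drives >> %SystemInfo% 2>&1
call :section_end %SystemInfo%
:: Installed programs.
:: "wmic product" (Win32_Product) is documented to trigger a Windows
:: Installer consistency check, and possibly a repair, of every MSI
:: package it enumerates - i.e. it modifies the host being examined and is
:: also slow. The Uninstall registry keys give the same inventory
:: read-only, so they are queried instead; the original command is kept
:: below, commented out, in case the lab explicitly requires its output.
call :section_start "Installed Programs - reg query Uninstall" %SystemInfo%
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s >> %SystemInfo% 2>&1
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s >> %SystemInfo% 2>&1
call :section_end %SystemInfo%
REM wmic product >> %SystemInfo%

call :section_start "Installed Drivers - driverquery" %SystemInfo%
driverquery >> %SystemInfo% 2>&1
call :section_end %SystemInfo%
:: Generate Hash of output file
call :hash_file %SystemInfo% %SystemInfoHash%
::=========================================================
:: Users on System
::=========================================================
:: local users
call :section_start "net user" %SystemUsers%
net user >> %SystemUsers% 2>&1
call :section_end %SystemUsers%
:: local groups
call :section_start "net localgroup" %SystemUsers%
net localgroup >> %SystemUsers% 2>&1
call :section_end %SystemUsers%
:: TODO if have time, loop through all users and run `net user <username>` to gather more info on the user in output
:: Generate hash of file
call :hash_file %SystemUsers% %SystemUsersHash%
::=========================================================
:: Networking Info on System -- %SystemNetwork%
::=========================================================
call :section_start "ipconfig /all" %SystemNetwork%
ipconfig /all >> %SystemNetwork% 2>&1
call :section_end %SystemNetwork%

call :section_start "DNS Cache - ipconfig /displaydns" %SystemNetwork%
ipconfig /displaydns >> %SystemNetwork% 2>&1
call :section_end %SystemNetwork%

call :section_start "Routing Tables - route print" %SystemNetwork%
route print >> %SystemNetwork% 2>&1
call :section_end %SystemNetwork%

call :section_start "ARP Table - arp -a" %SystemNetwork%
arp -a >> %SystemNetwork% 2>&1
call :section_end %SystemNetwork%

call :section_start "Open TCP/IP Ports - netstat -an" %SystemNetwork%
netstat -an >> %SystemNetwork% 2>&1
call :section_end %SystemNetwork%
:: Generate hash of file
call :hash_file %SystemNetwork% %SystemNetworkHash%
:: End of main script; everything below is subroutines reached via call.
goto :eof

::=========================================================
:: Subroutines (REM is used inside parenthesised blocks because a "::"
:: label there is a syntax hazard in cmd)
::=========================================================

:section_start
REM %1 = section title (pass it quoted; %~1 strips the quotes),
REM %2 = report file. Writes a framed heading so the output of each
REM command is easy to locate in the report.
echo %separator% >> %2
echo %~1 >> %2
echo %separator% >> %2
goto :eof

:section_end
REM %1 = report file. Closes the frame and leaves a blank line.
echo %separator% >> %1
echo. >> %1
goto :eof

:hash_file
REM %1 = file to hash, %2 = digest file (appended, like the reports).
REM sha256sum is not part of Windows; it is only found when a Unix toolset
REM (e.g. Git for Windows) is on PATH, and in its absence the original
REM script skipped the digest with nothing but a console error. Fall back
REM to certutil, which ships with Windows, so a digest is always written.
REM NOTE: because reports are appended on re-runs into the same folder, a
REM digest recorded earlier in the day no longer matches the file; make a
REM fresh folder per run if that matters.
where sha256sum >nul 2>&1
if errorlevel 1 (
    certutil -hashfile %1 SHA256 >> %2
) else (
    sha256sum %1 >> %2
)
goto :eof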