Information Gathering Incident Response Script
Posted on October 24, 2012 by
So, you have a PC on your network that you think might be infected with some malware. What do you do? Well, you could always PsExec into the computer and run a series of commands. But why not automate that process and store the results?
That was my motivation for writing this IR-Script. It is like a first response tool for investigating a possibly infected PC. You run the tool, gather a bunch of information, and store it for review. The script gathers the following information from a PC: