-
Notifications
You must be signed in to change notification settings - Fork 1
/
Forensic information scanner(for PC).bat
45 lines (42 loc) · 1.6 KB
/
Forensic information scanner(for PC).bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
@echo off
title Forensic Information Scanner(creatred by OxideDevX)
color 8a
echo HI!
echo ############################################################
echo #### ####
echo ####### Forensic Information Scanner #######
echo #### ####
echo ############################################################
echo.
echo Gathering information...
whoami > %COMPUTERNAME%-IS.txt
whoami /priv >> %COMPUTERNAME%-IS.txt
echo %username% >> %COMPUTERNAME%-IS.txt
net user >> %COMPUTERNAME%-IS.txt
cmdkey /list >> %COMPUTERNAME%-IS.txt
doskey /history >>%COMPUTERNAME%-IS.txt
:: user part
systeminfo >> %COMPUTERNAME%-IS.txt
getmac >> %COMPUTERNAME%-IS.txt
dir C:\ >> %COMPUTERNAME%-IS.txt
dir E:\ >> %COMPUTERNAME%-IS.txt
dir F:\ >> %COMPUTERNAME%-IS.txt
dir C:\Users >> %COMPUTERNAME%-IS.txt
dir C:\"Program Files" >> %COMPUTERNAME%-IS.txt
dir C:\"Program Files (x86)" >> %COMPUTERNAME%-IS.txt
dir C:\Users >>%COMPUTERNAME%-IS.txt
tree c:\ /f | more >> %COMPUTERNAME%-IS.txt
tree e:\ /f | more >> %COMPUTERNAME%-IS.txt
tree f:\ /f | more >> %COMPUTERNAME%-IS.txt
tree d:\ /f | more >> %COMPUTERNAME%-IS.txt
tree a:\ /f | more >> %COMPUTERNAME%-IS.txt
tasklist >> %COMPUTERNAME%-IS.txt
wmic startup list full >> %COMPUTERNAME%-IS.txt
::Network part
ipconfig /all >> %COMPUTERNAME%-IS.txt
netstat -ao >> %COMPUTERNAME%-IS.txt
net view >> %COMPUTERNAME%-IS.txt
arp -a >> %COMPUTERNAME%-IS.txt
::Software Information
wmic product get /format:csv > %COMPUTERNAME%-IS.csv
exit