Lab 9a Scripting Practice - FlameSpyro/Tech-Journal GitHub Wiki

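:TKT
REM Ask for the ticket number and loop until the operator confirms it.
REM set /p leaves a variable untouched when the operator only presses Enter,
REM so both variables are cleared first. Otherwise an earlier "n" answer or an
REM earlier ticket number would silently carry over into this pass.
set "TKTNUM="
set "CHKTKT="
set /p "TKTNUM=What is the ticket number for this report? (e.g. 0001):"
REM The ticket number becomes part of the results directory name, so an empty
REM value is rejected here. Keep it to letters, digits, hyphen and underscore:
REM the value is expanded into later command lines without further checks.
if not defined TKTNUM goto :TKT
ECHO You entered: "%TKTNUM%"
set /p "CHKTKT=Is this correct? (y/n)"
REM Only an explicit n (any case) restarts the prompt; any other answer proceeds.
If /i "%CHKTKT%"=="n" goto :TKT
cls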


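:USR
REM Ask which account was authenticated when the incident happened and loop
REM until the operator confirms it. The value is kept in USRNAME, which is a
REM different variable from the built-in USERNAME of the person running this.
REM Both variables are cleared first because set /p keeps the old value when
REM the operator only presses Enter.
set "USRNAME="
set "USR="
set /p "USRNAME=Enter the userID authenticated at the time of the incident (e.g. bmookie):"
if not defined USRNAME goto :USR
ECHO You entered: "%USRNAME%"
set /p "USR=Is this correct? (y/n)"
REM Only an explicit n (any case) restarts the prompt; any other answer proceeds.
If /i "%USR%"=="n" goto :USR
cls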

 
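REM Create location to save results
REM The directory name is built once and quoted at every use, so a ticket
REM number containing a space or a shell metacharacter cannot split the mkdir
REM command line. The path is relative to the current working directory.
set "resultsDir=%TKTNUM%-%COMPUTERNAME%-Results"
REM NOTE(review): an existing directory for the same ticket and host is reused
REM and its files are overwritten by the collection steps. Move or rename
REM earlier results first if they must be preserved as evidence.
if not exist "%resultsDir%\" mkdir "%resultsDir%"
REM Stop here when the directory is missing: every later step redirects its
REM output into it and would otherwise fail one by one with nothing saved.
if not exist "%resultsDir%\" (
    echo Could not create "%resultsDir%" - stopping before collection.
    exit /b 1
)
REM Record who collected what and when. The user ID entered earlier is not
REM stored anywhere else, so it is written here next to the evidence files.
> "%resultsDir%\collection-info.txt" echo Ticket: "%TKTNUM%"
>> "%resultsDir%\collection-info.txt" echo User ID at time of incident: "%USRNAME%"
>> "%resultsDir%\collection-info.txt" echo Computer: %COMPUTERNAME%
>> "%resultsDir%\collection-info.txt" echo Collected: %DATE% %TIME%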

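REM Run commands to collect system information.
REM Every step writes one file into the results directory held in resultsDir.
REM
REM The bundled tools are started from the folder that holds this script, not
REM from the current working directory. On a machine under investigation the
REM working directory may contain a look-alike executable, and a relative path
REM would run it in place of the trusted copy.
REM NOTE(review): tasklist and netstat are still resolved through PATH on the
REM examined host. Consider trusted copies if the host may be tampered with.
set "toolsDir=%~dp0"

echo "Collecting Running Processes"
tasklist /svc /FO CSV > "%resultsDir%\tasklist.csv"

echo "Collecting network statistics"
REM NOTE(review): adding -o would include the owning PID for each connection,
REM which can be matched against tasklist.csv. Left as -an to keep the format.
netstat -an > "%resultsDir%\netstat.txt"

echo "Creating browser history html file"
"%toolsDir%browsinghistoryview\BrowsingHistoryView.exe" /HistorySource 1 /LoadIE 1 /LoadFirefox 0 /LoadChrome 1 /LoadSafari 0 /shtml "%resultsDir%\browsinghistoryview.html"

echo "Collecting network statistics"
REM CurrPorts lists open ports together with the process that owns them.
"%toolsDir%cports\cports.exe" /scomma "%resultsDir%\cports.csv"

echo "Creating List of Opened Files"
"%toolsDir%ofview\OpenedFilesView.exe" /scomma "%resultsDir%\ofview.csv"

echo "Creating list of Prefetch files"
REM /scomma writes comma-delimited output so the content matches the .csv
REM name. The earlier /stext switch saved plain text under a .csv name.
"%toolsDir%winprefetchview-x64\WinPrefetchView.exe" /scomma "%resultsDir%\winprefetch.csv"

echo "Collecting USB device data"
REM Same correction as above: /scomma in place of /stext for a .csv file.
"%toolsDir%usbdeview\USBDeview" /scomma "%resultsDir%\USBDeview.csv"

echo "Collecting processes, memory and thread information"
REM pslist has no output-file argument. A trailing name is read as a process
REM name filter, so the listing has to be redirected into the file.
REM NOTE(review): Sysinternals tools show a licence dialog on first use on a
REM host. The -accepteula switch suppresses it but records the acceptance in
REM the registry of the examined machine. Decide per your collection procedure.
"%toolsDir%PSTools\pslist" -x > "%resultsDir%\PSlist.txt"

echo "Creating system information list"
REM psinfo also writes to standard output, so it is redirected as well.
REM -h lists installed hotfixes, -d lists disk volumes, -c prints CSV.
REM The hard-coded \\development target was dropped: results are filed under
REM the local computer name, so the data is taken from the local machine.
"%toolsDir%PSTools\psinfo" -h -d -c > "%resultsDir%\PSinfo.csv"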
 
