*sigh* Go figure. :(
I got "Everything" (which is an application, not "everything" as in the whole application) from http://www.voidtools.com/.
Here are the VirusTotal.com results: http://www.virustotal.com/analisis/d31354e...c324-1244611403
29/37 scanners detected something. In these cases, it was the NirSoft Password collection tools that registered as malware because of their possible uses. I have included nothing that will in any way harm a computer, or remain resident after the USB drive is removed. But as they always say, "trust, but verify".
Here is the code for the main script: http://pastebin.com/f130d4451. Make sure to note that the main script sits in the same directory as the tools it uses, and it sends logfiles to the "Logfiles" directory which is in the parent directory (ex. drive root).
So it looks kind of like this:
-------------------------------------------
Root (E:)
-Files (E:\Files)
--SCRIPT.BAT (E:\Files\SCRIPT.BAT)
-Logfiles (E:\Logfiles)
-------------------------------------------
Of course, it would be altogether easier to just download the script and use it, "antivirus false positive" concerns aside. In addition to the automated data collection, there is a menu that allows you to access other tools for either poring over the collected data or for manually collecting data.
I plan to update the script sometime soon, as I have included a new "podslurping" script that I am eager to see used.
BTW, here are some screenshots of my script for those interested.
Main menu
The Incident Response Payload running...