Funny enough, I was just working on a use for this. When I saw it, I was more interested in using the same thing to do a security audit on a PC.
Currently I have a script (run manually), and I'm modding it to work the same way as the switchblade. This is mainly used to audit a PC if it's been hacked into. It uses some bog-standard command-line tools included with Windows and some from Sysinternals.
It does the following (with the programs used):
* Enumerate Logged On Users (logonsessions)
* Get Process Information (pslist, tasklist, tlist, wmic)
* Get Loaded Modules for all processes (listdlls, tasklist)
* Enumerate Network Information (netstat, nbtstat)
* Get Service Information (wmic, sc)
* Get Driver Information (wmic, driverquery)
* Get user account information (wmic)
* Get MAC times for all files on C: drive (dir c: /a /s /q /[tw,ta,tc])
* List all files on C: drive (duh.. dir)
* Dump Permissions on all files in all directories (cacls)
* Check all files on C: for Alternate Data Streams (lads)
* Dump the registry to file (reg export)
* Dump event logs to file (wmic)
Once this information has been collected (onto the USB stick) it can be looked at later.
ReG
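
A collection run along the lines of the list above, as an added example that is not the poster's script. It covers the items that write to standard output plus the registry export. The drive letter, folder names, output file names, the exact switches chosen for each tool, and the SHA-256 manifest at the end are assumptions made for this example.

```powershell
# Added example, not the poster's script. Run from an elevated prompt on the PC being audited.
param(
    [string]$OutRoot  = 'E:\audit',   # assumption: USB stick is E:, path contains no spaces
    [string]$ToolsDir = 'E:\tools'    # assumption: Sysinternals and lads binaries are stored here
)
$env:Path = "$ToolsDir;$env:Path"
$outDir = Join-Path $OutRoot ("{0}-{1:yyyyMMdd-HHmmss}" -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Output file -> command line. Volatile data first, full-disk walks last.
$steps = [ordered]@{
    'logonsessions.txt' = 'logonsessions -accepteula'
    'pslist.txt'        = 'pslist -accepteula'
    'tasklist.txt'      = 'tasklist /v'
    'wmic-process.txt'  = 'wmic process list full'
    'listdlls.txt'      = 'listdlls -accepteula'
    'tasklist-mod.txt'  = 'tasklist /m'
    'netstat.txt'       = 'netstat -ano'
    'nbtstat.txt'       = 'nbtstat -S'
    'wmic-service.txt'  = 'wmic service list full'
    'sc-query.txt'      = 'sc query state= all'
    'wmic-drivers.txt'  = 'wmic sysdriver list full'
    'driverquery.txt'   = 'driverquery /v'
    'useraccounts.txt'  = 'wmic useraccount list full'
    'dir-written.txt'   = 'dir C:\ /a /s /q /tw'
    'dir-accessed.txt'  = 'dir C:\ /a /s /q /ta'
    'dir-created.txt'   = 'dir C:\ /a /s /q /tc'
    'cacls.txt'         = 'cacls C:\* /T /C'
    'lads.txt'          = 'lads C:\ /S'   # assumption: /S recurses; check your copy's usage text
}
foreach ($name in $steps.Keys) {
    $cmdLine = $steps[$name]
    $file    = Join-Path $outDir $name
    Write-Host "collecting $name"
    # Redirect inside cmd.exe so large listings stream to disk; a missing tool
    # leaves its error text in the output file and the run continues.
    cmd.exe /c "$cmdLine > $file 2>&1"
}

# reg export writes its own file rather than standard output.
foreach ($hive in 'HKLM', 'HKU') {
    reg.exe export $hive (Join-Path $outDir "$hive.reg") /y | Out-Null
}

# Hash every collected file so later changes to the evidence can be detected.
$hashes = Get-ChildItem -Path $outDir -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation
```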