DHT420 Posted June 9, 2009

Incident Response Switchblade 1.7+

This is the result of some pretty heavy modifications of the Incident Response Payload. A lot of new functionality has been added. I.E. volumes of information collection, the ability to compress/encrypt output files, calculating the md5s of output files, a scan log detailing what information was collected and when, etc etc. It's really too much for me to describe, and being the lazy idiot that I am I didn't keep a meticulous changelog.

In summary, it's a retooling of the Incident Response Payload into a script that toes the line between system information collection and forensic data acquisition. It is not U3 specific, and can operate on any USB drive.

You can download it from here: http://sharebee.com/e0ef9532

Jen Posted June 10, 2009

Will dl and scan

m1k Posted June 12, 2009

Any info?... It works? If so, tomorrow I will buy another usb pen. Let me know please ;)

Jen Posted June 14, 2009

haven't tested, but everything is detected by av

m1k Posted June 14, 2009

:(

DHT420 (Author) Posted June 14, 2009

"haven't tested, but everything is detected by av"

*sigh* Go figure. :(

I got "Everything" (which is an application, not "everything" as in the whole application) from http://www.voidtools.com/.

Here are the Virustotal.com results: http://www.virustotal.com/analisis/d31354e...c324-1244611403

29/37 scanners detected something. In these cases, it was the NirSoft Password collection tools that registered as malware because of their possible uses. I have included nothing that will in any way harm a computer, or remain resident after the USB drive is removed.

But as they always say, "trust, but verify". Here is the code for the main script: http://pastebin.com/f130d4451. Make sure to note that the main script sits in the same directory as the tools it uses, and it sends logfiles to the "Logfiles" directory which is in the parent directory (ex. drive root). So it looks kind of like this:

-------------------------------------------
Root (E:)
-Files (E:\Files)
--SCRIPT.BAT (E:\Files\SCRIPT.BAT)
-Logfiles (E:\Logfiles)
-------------------------------------------

Of course, it would be altogether easier to just download the script and use it, "antivirus false positive" concerns aside.

In addition to the automated data collection, there is a menu that allows you to access other tools for either poring over the collected data or for manually collecting data. I plan to update the script sometime soon, as I have included a new "podslurping" script that I am eager to see used.

BTW, here are some screenshots of my script for those interested.

[Screenshot: Main menu]
[Screenshot: The Incident Response Payload running...]