rousojohn/CustomForensicsTool

CustomForensicsTool

Installation

Run makis.bat with Administrator privileges from the same folder as the required tools. If you want to gather all information, uncomment the following line: 35 (Generating Filesystem timeline).

Also, at line 551 (Memory Dump), user interaction is required: answer 'Y' and press Enter on 'Success'.

Requirements

  1. fciv.exe - File Checksum Integrity Verifier utility. Download: http://support.microsoft.com/kb/841290

  2. RawCopy.exe - Application that copies files off NTFS volumes using a low-level disk reading method. Download: https://code.google.com/p/mft2csv/wiki/RawCopy

  3. DumpIt.exe - A physical memory dump utility. Download: http://www.moonsols.com/downloads/7

  4. winprefetchview.exe - utility that reads the Prefetch files stored in your system. Download: http://www.nirsoft.net/utils/win_prefetch_view.html

  5. ChromeCacheView.exe - utility that reads the cache folder of Google Chrome Web browser. Download: http://www.nirsoft.net/utils/chrome_cache_view.html

  6. fls.exe - http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.3/sleuthkit-4.1.3-win32.zip/download

  7. handle.exe - http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx

  8. iehv.exe - utility that reads all information from the history file on your computer and displays the list of all URLs that you have visited in the last few days. Download: http://www.nirsoft.net/utils/iehv.html

  9. Listdlls.exe - utility that reports the DLLs loaded into processes. Download: http://technet.microsoft.com/en-us/sysinternals/bb896656.aspx

  10. MozillaHistoryView.exe - a small utility that reads the history data file (history.dat) of Firefox/Mozilla/Netscape Web browsers. Download: http://www.nirsoft.net/utils/mozilla_history_view.html

  11. pendmoves.exe - dumps the contents of the pending rename/delete value and also reports an error when the source file is not accessible. Download: http://technet.microsoft.com/en-us/sysinternals/bb897556.aspx

  12. psfile.exe - shows you a list of the files that other computers have opened on the system upon which you execute the command. Download: http://technet.microsoft.com/en-us/sysinternals/bb897552.aspx

  13. PsInfo.exe - gathers key information about the local or remote Windows NT/2000 system. Download: http://technet.microsoft.com/en-us/sysinternals/bb897550.aspx

  14. pslist.exe - Download: http://technet.microsoft.com/en-us/sysinternals/bb896682.aspx

  15. PsService.exe - a service viewer and controller for Windows. Download: http://technet.microsoft.com/en-us/sysinternals/bb897542.aspx

  16. showacls.exe & now.exe - http://www.microsoft.com/en-us/download/details.aspx?id=17657

  17. autorunsc.exe - http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

  18. psloglist.exe - http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx

  19. sigcheck.exe - http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
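
A preflight check for the setup described above, as an added example that is not part of the repository: it confirms the session is elevated, verifies that every tool named in the Requirements list is in the folder, and records each binary's SHA-256 and Authenticode status before makis.bat is run. The script parameters and the tool_manifest.csv file name are assumptions.

```powershell
# Preflight check for makis.bat (added example, not the repository's own code).
# Assumption: run from, or pointed at, the folder holding makis.bat and the tools.
param(
    [string]$ToolDir = (Get-Location).Path,
    [string]$ManifestPath = 'tool_manifest.csv'   # hypothetical output file name
)

# Tool names exactly as listed in the README's Requirements section.
$required = @(
    'fciv.exe', 'RawCopy.exe', 'DumpIt.exe', 'winprefetchview.exe',
    'ChromeCacheView.exe', 'fls.exe', 'handle.exe', 'iehv.exe', 'Listdlls.exe',
    'MozillaHistoryView.exe', 'pendmoves.exe', 'psfile.exe', 'PsInfo.exe',
    'pslist.exe', 'PsService.exe', 'showacls.exe', 'now.exe', 'autorunsc.exe',
    'psloglist.exe', 'sigcheck.exe'
)

function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ToolInventory {
    param([string]$Dir, [string[]]$Names)
    foreach ($name in $Names) {
        $path = Join-Path -Path $Dir -ChildPath $name
        $present = Test-Path -LiteralPath $path -PathType Leaf
        # Hash and signature are recorded only for files that exist.
        # An unsigned tool shows up as NotSigned; that is information, not a failure.
        [pscustomobject]@{
            Tool      = $name
            Present   = $present
            SHA256    = if ($present) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
            Signature = if ($present) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
        }
    }
}

$inventory = @(Get-ToolInventory -Dir $ToolDir -Names $required)
$inventory | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
$inventory | Format-Table -AutoSize

$missing = @($inventory | Where-Object { -not $_.Present })
if (-not (Test-IsAdministrator)) {
    Write-Error 'Not elevated: makis.bat must be run with Administrator privileges.'
    exit 1
}
if ($missing.Count -gt 0) {
    Write-Error ('Missing tools: ' + ($missing.Tool -join ', '))
    exit 1
}
Write-Output "All $($required.Count) tools present; hashes written to $ManifestPath"
```

Keeping the manifest with the collected evidence documents exactly which tool binaries produced the output.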
