A batch script to document key information on a live Windows machine during the digital forensics process.
- Download the zip file
- Run
script.baton your target machine
| Command | Functionality |
|---|---|
| time /t | Display the current time of system |
| date /t | Display the current date of system |
| whoami | Display the name of the account that’s currently logged on, its SID, the names of the security groups of which it’s a member, and its privileges |
| whoami /USER | Displays information on the current user along with the security identifier (SID) |
| whoami /GROUPS | Displays group membership for current user, type of account, security identifiers (SID) and attributes |
| ver | Display the version of windows |
| systeminfo | Displays detailed configuration information about a computer and its operating system |
| tasklist | Displays a list of currently running processes on the computer |
| tasklist | sort | Sort the list of process by name |
| tasklist /svc | Lists all the service information for each process m |
| ipconfig/all | Displays all current TCP/IP network configuration values |
| netstat -ano | Dsplays the network status and protocol statistics |
| schtasks | Schedules view the commands and programs to run periodically or at a specific time |