n3l5 / irCRpull

irCRpull is a PowerShell script utilized to pull several system artifacts, utilizing the free tool CrowdResponse, from a live Win7+ system on your network.


irCRpull

Crowdstrike CrowdResponse - http://www.crowdstrike.com/community-tools/index.html

[Important] The CrowdResponse download includes a default/sample config.txt

This script passes the run-time instructions to CrowdResponse.exe via "-i config.txt". Alternatively, you can edit the script to specify the command's run-time instructions by hand. The config.txt determines which artifacts you get back from the system, so look at it, tweak it, and test it before relying on it (that part is up to you).

It will dump the data into .xml files/reports in the $dumpdir you specify (later packed and pulled).

When done collecting the artifacts, it will 7-Zip the data and pull the archive off the box for offline analysis.

See the script for more info.
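The collect, pack and pull flow the README describes, as an added example written for this page and not the irCRpull script itself. Paths such as `C:\IR\CrowdResponse.exe`, the standalone `7za.exe`, the `$DumpDir` default and the `\\analyst-box\collect` share are assumptions; where the reports land depends on your config.txt and on CrowdResponse's own options, so the working-directory choice below is an assumption too.

```powershell
# Added example: collect artifacts with CrowdResponse, pack them, pull them off the box.
param(
    [string]$CrowdResponseExe = 'C:\IR\CrowdResponse.exe',      # assumed location of the tool
    [string]$ConfigFile       = 'C:\IR\config.txt',             # the tweaked config.txt (see README)
    [string]$SevenZip         = 'C:\IR\7za.exe',                # assumed standalone 7-Zip binary
    [string]$DumpDir          = "C:\IR\dump_$env:COMPUTERNAME", # the $dumpdir the reports go into
    [string]$PullShare        = '\\analyst-box\collect'         # assumed destination for the archive
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null

# 1. Collect: run CrowdResponse with the run-time instructions from config.txt.
#    Assumption: with the working directory set to $DumpDir, the reports are written there.
$proc = Start-Process -FilePath $CrowdResponseExe -ArgumentList "-i `"$ConfigFile`"" `
        -WorkingDirectory $DumpDir -Wait -PassThru -NoNewWindow
if ($proc.ExitCode -ne 0) { throw "CrowdResponse exited with code $($proc.ExitCode)" }

# 2. Pack: one timestamped archive per host so pulls from several boxes never collide.
$stamp   = Get-Date -Format 'yyyyMMdd_HHmmss'
$archive = Join-Path (Split-Path $DumpDir -Parent) "${env:COMPUTERNAME}_$stamp.7z"
& $SevenZip a -t7z $archive "$DumpDir\*" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# 3. Pull: copy the archive off the box and record its SHA-256 next to it, so the analyst
#    can confirm the evidence was not altered in transit (Get-FileHash needs PowerShell 4+).
Copy-Item -Path $archive -Destination $PullShare
$hash = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
"$hash  $(Split-Path $archive -Leaf)" |
    Out-File -FilePath (Join-Path $PullShare "${env:COMPUTERNAME}_$stamp.sha256") -Encoding ascii

# 4. Clean up locally so the collection leaves as little as possible behind on the live system.
Remove-Item -Path $DumpDir -Recurse -Force
Remove-Item -Path $archive -Force
```

Run it on the target with an account that can write to the share; compare the recorded hash against the copied archive before starting offline analysis.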
