ir-rescue icon indicating copy to clipboard operation
ir-rescue copied to clipboard

Published 20 hours ago verified publisher icon diogo-fernan

Metadata

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Results 4 ir-rescue issues
Sort by recently updated
recently updated
newest added

Extending Functionality

3 comment

Added the following extractions: - installed software - shellbags - extraction of NTUSER and UsrClass log files

fmurer avatar fmurer

enhancement

Feature Request: Window Event PowerShell and Window Event Export CSV Format

Hi diogo-fernan, First of all, Thank for your great tool. Secondly, I would like to request 2 new features in this script is export Window Event Powershell and CSV Format....

sangantnk8 avatar sangantnk8

Use memtriage

1 comment

Hi Diogo, Use memtriage to grab all the relevant info without dumping memory.

nwf9 avatar nwf9

enhancement

Autorun and Web browser history

Hello, **For the windows version** I think there is a problem with the autoruns.exe (see screenshot) Also for the web browser history, instead of : `"%BHV% /HistorySource 1 /VisitTimeFilterType 1...

Absenti avatar Absenti

Metadata

452
Stars
94
Forks
Watchers

Owner

verified publisher icon diogo-fernan

Metadata

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Back