Skip to content

File and file meta information collect using PowerShell in Live Response environment.

License

Notifications You must be signed in to change notification settings

iidx/PSListCopy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PSListCopy

  • File and file meta information acquisition using PowerShell in Live Response environment.

Requirements

  • Python 3.8+

Usage

  1. First, prepare a list of files to be collected from the Victim PC, such as tests\sample.txt.
  2. Create a PowerShell script with the following command.
    • When collecting both files and metadata: python PSListCopy.py -l files.txt
    • When collecting only metadata: python PSListCopy.py -l files.txt -n
  3. Move the PowerShell script(PSListCopy.ps1) to Victim PC.
  4. Run PowerShell as administrator on Victim PC.
  5. Enter the Set-ExecutionPolicy Unrestricted command to temporarily change the script execution policy.
  6. Run PSListCopy.ps1

About

File and file meta information collect using PowerShell in Live Response environment.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published