This repository has been archived by the owner on Jan 2, 2024. It is now read-only.
n3l5/irCRpull

irCRpull

irCRpull is a PowerShell script that uses the free tool CrowdResponse to pull several system artifacts from a live Win7+ system on your network.

CrowdStrike CrowdResponse - http://www.crowdstrike.com/community-tools/index.html

[Important] The CrowdResponse download includes a default/sample config.txt

This script passes the CrowdResponse.exe options via "-i config.txt". Alternatively, you can edit the script to specify the command's run-time instructions manually. The config.txt is important for getting the results you want from the system; look at it, tweak it, test it... (it is up to you)

It will dump the data into .xml files/reports in the $dumpdir you specify (later packed and pulled).

When done collecting the artifacts, it will 7zip the data and pull the info off the box for offline analysis.

See the script for more info.
