Comments on: Windows Incident Response Script http://www.cutawaysecurity.com/blog/archives/234 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Tue, 16 Feb 2010 06:48:31 +0000 http://wordpress.org/?v=2.8.4 hourly 1 By: Interesting Bits - May 7th, 2008 « Infosec Ramblings http://www.cutawaysecurity.com/blog/archives/234/comment-page-1#comment-30963 Interesting Bits - May 7th, 2008 « Infosec Ramblings Wed, 07 May 2008 19:01:29 +0000 http://www.cutawaysecurity.com/blog/archives/234#comment-30963 [...] This was actually posted last month by Don Weber, but I just came across it and thought it worth pointing out. He has written and provided to us all an incident response information collection script that uses only built-in Windows operating systems resources. Nifty! [...] [...] This was actually posted last month by Don Weber, but I just came across it and thought it worth pointing out. He has written and provided to us all an incident response information collection script that uses only built-in Windows operating systems resources. Nifty! [...]

]]> By: Christian http://www.cutawaysecurity.com/blog/archives/234/comment-page-1#comment-30943 Christian Sat, 19 Apr 2008 01:32:05 +0000 http://www.cutawaysecurity.com/blog/archives/234#comment-30943 Haha, no worries Don. I like the concept and simplicity of the script, and you've done something which I'm sure heaps of people have thought about before. Again, nice work. Regards, Christian Haha, no worries Don. I like the concept and simplicity of the script, and you’ve done something which I’m sure heaps of people have thought about before.

Again, nice work.

Regards,
Christian

]]> By: cutaway http://www.cutawaysecurity.com/blog/archives/234/comment-page-1#comment-30942 cutaway Fri, 18 Apr 2008 11:56:48 +0000 http://www.cutawaysecurity.com/blog/archives/234#comment-30942 Christian, First Bug!!! Excellent. Thank you very much. That is what I get for making changes and not testing them. I had that function disabled and I enabled it right before uploading thinking all was well. The scope of the variables extends into the function. So, I didn't need to pass them at all. I had commented out that function for testing and forgot to go back an update the function call after I learned more about variable scope in VBScripts. Of course, I do not explicitly define my variables and that will be bad later and needs to be updated. Thanks again. I have added you my Blogroll as a prize. Sorry it is not better. Go forth and do good things, Don C. Weber Christian,

First Bug!!! Excellent. Thank you very much. That is what I get for making changes and not testing them. I had that function disabled and I enabled it right before uploading thinking all was well.

The scope of the variables extends into the function. So, I didn’t need to pass them at all. I had commented out that function for testing and forgot to go back an update the function call after I learned more about variable scope in VBScripts.

Of course, I do not explicitly define my variables and that will be bad later and needs to be updated.

Thanks again. I have added you my Blogroll as a prize. Sorry it is not better.

Go forth and do good things,
Don C. Weber

]]> By: Christian http://www.cutawaysecurity.com/blog/archives/234/comment-page-1#comment-30941 Christian Fri, 18 Apr 2008 06:33:25 +0000 http://www.cutawaysecurity.com/blog/archives/234#comment-30941 Ah, sorry about the double post - also noticed (and I should've been paying attention perhaps) that the /out option has to specify an absolute path, not a relative path. For example, I created a local "output" folder, and then provided the /out:output option. Due to how the script calls other functions, I found the bulk of the output in C:\Windows\system32\output\. User error. My bad. Regards, Christian Ah, sorry about the double post – also noticed (and I should’ve been paying attention perhaps) that the /out option has to specify an absolute path, not a relative path. For example, I created a local “output” folder, and then provided the /out:output option. Due to how the script calls other functions, I found the bulk of the output in C:\Windows\system32\output\.

User error. My bad.

Regards,

Christian

]]> By: Christian http://www.cutawaysecurity.com/blog/archives/234/comment-page-1#comment-30940 Christian Fri, 18 Apr 2008 06:25:18 +0000 http://www.cutawaysecurity.com/blog/archives/234#comment-30940 Hey Don, Just noticed that when I tried to run it I had an error at line 252. It was complaining about "Cannot use parentheses when calling a sub". I found by adding the "call" statement in front of the BackupLogFiles(objTextFile, deBugging) call it would work. For example: call BackupLogFiles(objTextFile, deBugging) '* Backup Log Files Unsure if this is related to my particular version of cscript (on my VM cscript version is 5.6). Nice work btw :) Regards, Christian Hey Don,

Just noticed that when I tried to run it I had an error at line 252. It was complaining about “Cannot use parentheses when calling a sub”. I found by adding the “call” statement in front of the BackupLogFiles(objTextFile, deBugging) call it would work. For example:
call BackupLogFiles(objTextFile, deBugging) ‘* Backup Log Files

Unsure if this is related to my particular version of cscript (on my VM cscript version is 5.6).

Nice work btw :)

Regards,

Christian

]]>