I have taken some time to write an incident response script using only the resources provided by the Windows operating system. You can find out the why by reading the article I wrote titled Windows Incident Response With Only System Resources or the how by reviewing the code I wrote. UPDATE: I broke the link when I did a bug fix. So, this link may break in the future, please refer to the complete article for the most recent version.
I hope that some of you find this useful and that this centralizes a lot of the information necessary to understand the abilities inherent to the Windows operating system. It is nothing ground breaking. Just a few things that can be done if you do not have or are not allowed to obtain and use the number of very useful tools that are available online or through a vendor.
Go forth and do good things,
Don C. Weber
wmi, wmic, vbscript, Security Ripcord, incident response 







