Update bat for live parsing

Question

Update bat for live parsing

nwf9 opened this issue 6 years ago · 4 comments

Hi Diogo,

Is it possible to update your batch script to include the live command capabilites for Eric Zimmerman tools like MFT,Amcache and so on.

Answer 1 · 2019-01-26T11:03:40.000Z

Hey there,

What do you mean by live command capabilities? To provide support for customization of command parameters for the tools of Eric Zimmerman and possibly others?

Cheers

Answer 2 · 2019-01-30T14:03:06.000Z

I mean live response instead of collecting all those artifact.

Answer 3 · 2019-01-30T19:41:22.000Z

That would be a new tool entirely that falls out of the scope of batch forensics that this utility was written for. Have a look at https://github.com/google/grr for a live forensics tool.

Answer 4 · 2019-02-03T14:19:11.000Z

I’m not talking about an agent but only an improvement of this script to handle the locked files instead of grab something.