
Orion Incident Response Live CD 2

to read the path information from the user, tab auto-completion and command line editing are supported. In the example below, the tab key was pressed twice to list the directories and folders under the path /mnt/smb/.

root@orion:~# /orion/scripts/acquire-path
/orion/scripts/acquire-path:
Recursively copy files in the specified path using either scp (remote) or cp (mounted).
Files and checksums are put in /root/data/.
==============================================
Path (user@host:/path if remote): /mnt/smb/
AUTOEXEC.BAT    boot.ini    CONFIG.SYS    dbc96c92/
ntldr    pagefile.sys    Program Files/    sans/
Documents and Settings/    img.dd    IO.SYS    MSDOS.SYS    NTDETECT.COM
System Volume Information/    temp/    tools/    WINDOWS/
Path (user@host:/path if remote): /mnt/smb/dbc96c92
/bin/cp -r /mnt/smb/dbc96c92 /root/data//mnt/smb
ed97f3276d9fabcf0068de2172df8da5 /root/data/mnt/smb/dbc96c92/hh.exe
e20fa6287839fb0086e859f265dc74cd /root/data/mnt/smb/dbc96c92/iti.dll
[ ... ]

Copying files from a mounted SMB share
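The acquisition pattern in the session above (copy, then record checksums), as an added example that is not the Orion script itself: it hashes the source tree before the copy and the copies afterwards, so a file that changed or was damaged during acquisition is flagged. It covers only the mounted (cp) case; the function names, the DATA_ROOT variable, the checksums.md5 manifest name and the choice of MD5 are assumptions.

```shell
#!/bin/bash
# Added example, not the Orion acquire-path script. Mounted (cp) case only.
# Assumptions: DATA_ROOT, checksums.md5 and both function names are made up
# here; MD5 is used because the digests in the session are 32 hex digits.
DATA_ROOT="${DATA_ROOT:-/root/data}"

# Print "md5  relative/path" for each regular file under $1/$2, sorted by path.
hash_tree() {
    ( cd "$1" && find "$2" -type f -exec md5sum {} + | sort -k 2 )
}

acquire_mounted() {
    local src parent name dest before after line
    src="${1%/}"
    [ -e "$src" ] || { echo "no such path: $src" >&2; return 2; }
    parent="$(cd "$(dirname "$src")" && pwd)" || return 2
    name="$(basename "$src")"
    dest="$DATA_ROOT$parent"          # mirror the source path under DATA_ROOT

    before="$(hash_tree "$parent" "$name")"       # 1. hash the originals
    mkdir -p "$dest" || return 2
    cp -rp "$parent/$name" "$dest/" || return 2   # 2. copy, keeping timestamps
    after="$(hash_tree "$dest" "$name")"          # 3. hash the copies

    # 4. Record absolute evidence paths, one "md5  path" line per file.
    if [ -n "$after" ]; then
        printf '%s\n' "$after" | while IFS= read -r line; do
            printf '%s  %s/%s\n' "${line%% *}" "$dest" "${line#*  }"
        done >> "$DATA_ROOT/checksums.md5"
    fi

    # 5. Any difference means a file changed during the copy or was damaged.
    if [ "$before" != "$after" ]; then
        echo "checksum mismatch while acquiring $src" >&2
        return 1
    fi
}
```

A return status of 1 means the copy exists but should not be trusted without re-acquiring; status 2 means nothing was copied.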

6.6.2. Windows System Information

The script /orion/scripts/get-win-info utilizes Andrzej Hajda’s winexe program to execute commands to gather volatile information from a remote Windows host.

John Jarocki, john.jarocki@gmail.com
