Tuesday, April 15, 2014

Forensics of Remote PC (Part 1)



Once you got the meterpreter session use ‘shell ‘command to get command prompt of the target

How to Find System Boot Time and Install Original Date
Systeminfo – Displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, and product ID, and hardware properties, such as RAM, disk space, and network cards.



How to Detect Last Connected USB
Reg query hklm\system\CurrentControlSet\Enum\usbstor



How to View Last Used Command in Run Dialog Box
reg query hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU



How to View Installed software
Reg query hkcu/software


How to Find the All installed Drivers
Driverquery – Displays a list of all installed device drivers and their properties.



1 comment:

Contact Form

Name

Email *

Message *