SBM Labs

Cyber Security Collaboration Project

Gathering Volatile Data
09 Dec 2016

1. System Time.

> date /t & time /t
> net statistics server

2. Logged-On Users.

> net sessions
> c:\SysinternalsSuite\PsLoggedon.exe
> c:\SysinternalsSuite\logonsessions.exe

3. Files.

> net file
> c:\SysinternalsSuite\psfile.exe

4. Network.

> ipconfig /all

> nbtstat -n
> netstat -ona

> c:\SysinternalsSuite\Tcpview.exe

5. Processes.

> tasklist

> c:\SysinternalsSuite\procexp.exe

> c:\SysinternalsSuite\Procmon.exe

> c:\SysinternalsSuite\pslist.exe

> c:\SysinternalsSuite\Listdlls.exe

> c:\SysinternalsSuite\handle.exe

6. Command History.

> doskey /history

7. Mapped Drives.

> net use

8. Shares.

> net share

> net share
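
Added example, not part of the original SBM Labs page: a PowerShell wrapper that runs the console commands from the list above in order, writes each output to its own file, and records a UTC timestamp and SHA-256 hash per file so the collection can be verified later. It assumes PowerShell 4.0 or later and an elevated prompt; the $OutDir path, the output file names and the -accepteula switch are additions made for this example.

```powershell
# Added example: collect the volatile data listed on this page into hashed files.
# Assumptions: Sysinternals is in c:\SysinternalsSuite (as on the page) and
# $OutDir is a hypothetical folder on removable or remote evidence storage,
# so that nothing is written to the disk of the system under examination.
param([string]$OutDir = "E:\evidence\$env:COMPUTERNAME")

$sys = 'c:\SysinternalsSuite'
# GUI tools (Tcpview, procexp, Procmon) are interactive and are left out.
# doskey /history is left out too: it only returns history when typed in the
# console window being examined, not from a child process.
# -accepteula keeps the Sysinternals tools from blocking on the licence dialog.
$commands = [ordered]@{
    '01_date_time'      = 'date /t & time /t'
    '02_net_statistics' = 'net statistics server'
    '03_net_sessions'   = 'net sessions'
    '04_psloggedon'     = "$sys\PsLoggedon.exe -accepteula"
    '05_logonsessions'  = "$sys\logonsessions.exe -accepteula"
    '06_net_file'       = 'net file'
    '07_psfile'         = "$sys\psfile.exe -accepteula"
    '08_ipconfig'       = 'ipconfig /all'
    '09_nbtstat'        = 'nbtstat -n'
    '10_netstat'        = 'netstat -ona'
    '11_tasklist'       = 'tasklist'
    '12_pslist'         = "$sys\pslist.exe -accepteula"
    '13_listdlls'       = "$sys\Listdlls.exe -accepteula"
    '14_handle'         = "$sys\handle.exe -accepteula"
    '15_net_use'        = 'net use'
    '16_net_share'      = 'net share'
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$manifest = Join-Path $OutDir 'manifest.csv'

foreach ($name in $commands.Keys) {
    $file    = Join-Path $OutDir "$name.txt"
    $started = (Get-Date).ToUniversalTime().ToString('o')
    # Run through cmd /c so '&' and the cmd built-ins behave as typed at the prompt.
    cmd.exe /c "$($commands[$name]) 2>&1" | Out-File -FilePath $file -Encoding utf8
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    # One manifest row per command: when it ran, what ran, where it went, its hash.
    [pscustomobject]@{
        StartedUtc = $started; Command = $commands[$name]; File = $file; SHA256 = $hash
    } | Export-Csv -Path $manifest -Append -NoTypeInformation
}
```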

Gathering Non-Volatile Data