Files that are open locally can be listed with NirSoft OpenedFilesView: http://www.nirsoft.net/utils/opened_files_view.html
Files that are open remotely can be listed with the net file command:
c:\Tools>net file
ID Path User name # Locks
-------------------------------------------------------------------------------
12 C:\\ Bala 0
230 C:\\ Bala 0
233 C:\\Tools Bala 0
689 C:\\Tools Bala 0
The command completed successfully.
The same information is available from Sysinternals PsFile: http://technet.microsoft.com/en-us/sysinternals/bb897552.aspx
c:\Tools>Psfile.exe
psfile v1.02 - psfile
Copyright © 2001 Mark Russinovich
Sysinternals
Files opened remotely on BALA-PC:
[12] C:\\
User: Bala
Locks: 0
Access: Read
[230] C:\\
User: Bala
Locks: 0
Access: Read
[233] C:\\Tools
User: Bala
Locks: 0
Access: Read
[689] C:\\Tools
User: Bala
Locks: 0
Access:
c:\Tools>
Recently accessed documents and pictures can be listed with NirSoft RecentFilesView:
http://www.nirsoft.net/utils/recent_files_view.html
Collecting Command Prompt History
All recently entered commands in the command prompt can be shown with the following command or by pressing F7.
c:\Tools>doskey /history
cls
serviwin.exe
net native start
net start
cls
svcutil.exe
svcutil.exe stop
svcutil.exe STOP
Identify Shares on the infected system
c:\Tools>net share
Share name Resource Remark
-----------------------------------------------------------------------------
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
The command completed successfully.
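An added example, not part of the original post: a Python sketch that parses saved psfile and net share output and reports which share each remotely opened path falls under. The sample text is constructed from the listings above, and the function names are hypothetical.

```python
import re
from ntpath import normcase, normpath

# Sample text modelled on the psfile and net share listings above (constructed).
PSFILE_OUT = r"""
Files opened remotely on BALA-PC:
[12] C:\
    User:   Bala
    Locks:  0
    Access: Read
[689] C:\Tools
    User:   Bala
    Locks:  0
    Access:
"""
NET_SHARE_OUT = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
The command completed successfully.
"""

def parse_psfile(text):
    """Return one dict per '[id] path' block; empty fields become None."""
    records = []
    for line in text.splitlines():
        head = re.match(r"\[(\d+)\]\s+(.+)", line.strip())
        field = re.match(r"(User|Locks|Access):\s*(.*)", line.strip())
        if head:
            records.append({"id": int(head.group(1)), "path": head.group(2)})
        elif field and records:
            records[-1][field.group(1).lower()] = field.group(2) or None
    return records

def parse_shares(text):
    """Map share name -> local path; shares without a path (IPC$) are skipped."""
    rows = re.findall(r"^(\S+)[ \t]+([A-Za-z]:\\\S*)", text, re.M)
    return {name: path for name, path in rows}

def share_for(path, shares):
    """Longest-prefix match of an opened path against the share roots."""
    def key(p): return normcase(normpath(p)).rstrip("\\") + "\\"
    hits = [(len(key(root)), name) for name, root in shares.items()
            if key(path).startswith(key(root))]
    return max(hits)[1] if hits else None
```

Records whose Access field comes back as None, like entry 689 above, are worth re-collecting, since the access mode was not captured.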