QDirt - Live Response: README.txt (2013-05-13, 2.7 kB)
STATUS: In development. Check back for updates.

         QDirt: Quick and Dirty Incident Response Tool

__________________________________________________
About This Tool
__________________________________________________

QDirt is a simple set of batch scripts designed to acquire critical data from live systems and send it, encrypted, to a forensic workstation for review. Unlike other tools designed for the same purpose, QDirt walks an incident responder or forensic examiner through a very simple set of questions so they can quickly harvest the data they need. The tool can also redirect the acquired information to a locally attached device. The source is provided so that fellow examiners can use it and modify it as they see fit.

The tool was designed for ease of use and quick operation. The author [See: me] very much supports free software. As such, this title is licensed under the GPL v3.0 in the full spirit of open source. I eagerly invite fellow examiners to borrow code from it in whole or in part to accomplish their goals. I designed QDirt for my own personal needs but would gladly see others with limited scripting experience making their own tools from it.

Data redundancy is to be expected and is desired for forensic validation of the data acquired. If in doubt, run it in combination with your standard live response tools for the best results.

Note that running these tools *will* leave traces on the target system; understand the tools before you decide to run them. This project is very much in development.

All third party tools are available on their respective sites below. Although most are GPL licensed, you should visit the developer pages to download them if I haven't included them in this repository. They put a lot of hard work into those tools so I've decided to provide the links instead of redistributing their work. If you are one of the software developers and would like me to feature your work in this repository, let me know!

Additionally, I was considering integrating some really great memory analysis tools but had to draw the line somewhere. This tool is for live response only, not analysis. It dumps critical volatile information to text files strictly for triage, or for acquiring volatile data in an easy-to-read form.

If you are looking for something more refined please see Harlan Carvey's Forensic Server Project at: http://sourceforge.net/projects/windowsir/files/ -- actually, all his tools are outstanding and can easily accomplish more than any compilation of batch scripts.

Contact me at interrupt08@users.sf.net to say hello!
Source: README.txt, updated 2013-05-13